Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

smitfraud?!?


  • Please log in to reply

#1
earllove

earllove

    New Member

  • Member
  • Pip
  • 7 posts
I have the smitfraud blue screen error reading a fatal error in IE has occured at 0028:C0011E36...error was caused by Trojan-Spy.HTML.Smitfraud.c..system cannot function in normal mode among among other messages on my desktop.. bla bla
I have read multiple forums and none of their solutions seem to work. They tell me to run antivirus or antispyware programs but basically nothing works on my computer including IE except for firefox and aim. When i load a program i get an error box that says application error, the application failed to intialize properly 0xc0000005 click ok to terminate the application.The files that most forums have said to delete are not there. I downloaded killbox and tried to delete files using that program but i had none of the files. Can someone please help, this what hijackthis has returned.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\svcnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\LimeWire\LimeWire.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\McAfee.com\VSO\mcmnhdlr.exe
c:\program files\mcafee.com\shared\mghtml.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Owner\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\hzrrx.dll/sp.html#12345
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\system32\shdocsv.dll/API32.htm#ID=347;065D
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\hzrrx.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\hzrrx.dll/sp.html#12345
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://shdocsv.dll/asst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Windows Taskbar Msngr] C:\WINDOWS\\\\\\\\\\\\\\
O4 - HKLM\..\Run: [Fast Start] C:\WINDOWS\system32\svcnt.exe home
O4 - HKCU\..\Run: [SFP] C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE /s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1104285321546
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,21/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
  • 0

Advertisements


#2
Perculator

Perculator

    Visiting Staff

  • Member
  • PipPipPip
  • 183 posts
Welcome to Geeks to Go!

Sorry for the delay, the forums are very busy.

If you still need help, please post back here in this topic with a fresh log using HijackThis.

Also do this please:
Open HijackThis
Go to
Open the Misc Tools Session

Press the button ‘open uninstall manager’
Press the button 'save list'. It will open a Notepad file. Place the content of that file here in your answer please.

If you solved the problem, please let me know.
  • 0

#3
earllove

earllove

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
hey, good to hear from you.. i was getting worried. Yea i still have this stupid smitfruad bluescreen bs. Below are what you have asked for, thanks alot.

Logfile of HijackThis v1.99.1
Scan saved at 12:21:34 AM, on 7/25/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\svcnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\LimeWire\LimeWire.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
C:\Program Files\Messenger\msmsgs.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\SPOOL\DRIVERS\W32X86\3\DLBAJSWX.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WordPerfect Office 11\Programs\wpwin11.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\WINDOWS\System32\notepad.exe
C:\Documents and Settings\Owner\Local Settings\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdocsv.dll/blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://shdocsv.dll/asst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Fast Start] C:\WINDOWS\system32\svcnt.exe home
O4 - HKLM\..\Run: [Windows Taskbar Msngr] C:\WINDOWS\\\\\\\\\\\\\\
O4 - HKCU\..\Run: [SFP] C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE /s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1104285321546
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,21/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe



HERE IS THE UNISTALL LIST



ABBYY FineReader 5.0 Sprint
Ad-Aware SE Personal
Adobe Download Manager 2.0 (Remove Only)
Adobe Reader 7.0
AIM+ (remove only)
AOL Instant Messenger
Conexant D850 56K V.9x DFVc Modem
Davis's Med Errors Self Test
Dell AIO Printer A940
Dell ResourceCD
Drug Guide For Nurses
FaxTools
HijackThis 1.99.1
Intel® Extreme Graphics Driver
Internet Update
iPod for Windows 2005-03-23
iTunes
J2SE Runtime Environment 5.0 Update 1
Java 2 Runtime Environment Standard Edition v1.3.1_04
LimeWire 4.8.1
Lippincott's Review Series: Medical-Surgical Nursing
MathPlayer
McAfee SecurityCenter
McAfee VirusScan
Microsoft Picture It! Express 7.0
Microsoft Picture It! Express 9
Microsoft Picture It! Library 9
Mozilla Firefox (1.0)
MSN
MSN Encarta Plus Support Files
MSN Messenger 6.1
NCLEX-RN Review
NutriGenie Nutrition 2005
NutriGenie Weight Perfect
PartyPoker
Planet Poker
PokerStars.net
QuickTime
Shockwave
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
SoundMAX
Spybot - Search & Destroy 1.3
TaxCut 2004
Verizon Online Support Center
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB828741
Windows XP Hotfix - KB833987
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB840987
Windows XP Hotfix - KB841356
Windows XP Hotfix - KB841533
Windows XP Hotfix - KB842773
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB873376
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888162
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889293
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinZip
WordPerfect Office 11
XoftSpy
Yahoo! Toolbar
  • 0

#4
Perculator

Perculator

    Visiting Staff

  • Member
  • PipPipPip
  • 183 posts
Open HijackThis
click on
Open the Misc Tools Session

Press the button
open uninstall manager
look in the list for
Party poker

and press delete this item'
Repeat that for
XoftSpy
Cause this program, is not so well known..

Close Hijack This for now.

Please read these instructions carefully. You may want to print them. Copy the text to a Notepad file and save it to your desktop! We will need the file later.
Be sure to follow ALL instructions!



Download SmitRem
your desktop.
Right click on the file and extract it to it's own folder on the desktop.

***

Place a shortcut to Panda ActiveScan on your desktop.

***

Please download the trial version of ewido security suite.Install ewido security suite
When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".

Launch ewido, there should be an icon on your desktop double-click it.
The program will prompt you to update click the OK button

The program will now go to the main screen
You will need to update ewido to the latest definition files.On the left hand side of the main screen click update
Click on Start
The update will start and a progress bar will show the updates being installed.
Once the updates are installed, close Ewido for now.

***

If you have not already installed Ad-Aware SE 1.06, please download and install AdAware SE 1.06.
Check Here on how setup and use it - please make sure you update it first.

***

Download CW-Shredder at the link below:
http://cwshredder.ne.../CWShredder.exe open the program and click
check for update
Once that’s done close the program, we will use it later on.


***
Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

***
Now run the CWShredder tool - Hit The FIX button!

***
Open HijackThis
Place a check against each of the following lines

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdocsv.dll/blank.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://shdocsv.dll/asst.htm

R3 - Default URLSearchHook is missing

O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe

O4 - HKLM\..\Run: [Fast Start] C:\WINDOWS\system32\svcnt.exe home

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe

Close all programs leaving only HijackThis running.
Click on Fix Checked when finished and exit HijackThis.

***

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.
The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed.
Post me the contents of the smitfiles.txt log as you post back.

***
Now please remove this folder
C:\Program Files\PartyPoker
If still present.

***
Open Ad-aware and do a full scan. Remove all it finds.

***

Now open Ewido Security Suite:* Click on scanner
* Click Complete System Scan and the scan will begin.
* During the scan it will prompt you to clean files, click OK
* When the scan is finished, look at the bottom of the screen and click the Save report button.
* Save the report to your desktop
***

Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

***

Reboot back into Windows’normal Mode and click the Panda ActiveScan shortcut, then do a full system scan. Make sure the autoclean box is checked!
Save the scan log and post it along with a new HijackThis Log, the contents of the smitfiles.txt log and the Ewido Log by using Add Reply.
Let me know if any problems persist.

Edited by Perculator, 25 July 2005 - 08:32 AM.

  • 0

#5
earllove

earllove

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi-
I tried everything you said, but as before i cant run certain programs..I could download CW-shredder and install, same with Ad-aware but i cant run those programs even in safe mode. I deleted the hijackthis entries, ran smitRem, removed the partypoke, and ran Ewido(it worked for some reason) The "security info in the control panel was not present. When i rebooted into reg mode, the blue screen was there but the smitfraud message was not. I could still not use most programs, including IE so i couldent use the Panda Activescan because it requires IE ( i can use firefox only) The message that comes up is "The application failed to initialize properly (0xc0000005). Click on OK to terminate the application" This comes up for most everythign i try and do, and about 20 come up when windows first loads. Here are the logs you wanted.

Logfile of HijackThis v1.99.1
Scan saved at 1:09:12 PM, on 7/28/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\LimeWire\LimeWire.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Owner\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Windows Taskbar Msngr] C:\WINDOWS\\\\\\\\\\\\\\
O4 - HKCU\..\Run: [SFP] C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE /s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1104285321546
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,21/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe


smitRem log file
version 2.2

by noahdfear

The current date is: Thu 07/28/2005
The current time is: 1:24:58.62

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run Files Present


~~~ Program Files ~~~

AntiVirusGold


~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~

svcnt.exe
wp.bmp


~~~ Windows directory ~~~



~~~ Drive root ~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Post-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Wininet.dll ~~~

CLEAN!


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 12:58:46 PM, 7/28/2005
+ Report-Checksum: E02C7C2B

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{DABFF8C3-DF48-F11C-290D-D7CD732B35CC} -> Spyware.CoolWebSearch : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.135:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.149:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.153:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.154:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.155:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.168:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.169:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.170:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.171:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.172:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.173:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.174:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.182:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.183:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.185:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.190:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.193:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.194:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.195:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.196:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.197:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.199:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.200:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.201:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.202:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.203:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.213:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.214:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.226:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.229:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.230:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.231:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.232:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.233:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.266:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.267:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.268:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.269:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.270:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.271:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.284:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.285:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.286:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.287:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.288:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.289:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.290:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.291:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.292:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.293:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.294:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.295:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.296:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.297:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.298:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.299:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.300:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.301:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.302:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.303:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.304:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.305:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.306:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.307:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.308:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.309:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.310:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.311:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.312:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.313:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.314:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.315:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.316:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.317:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.318:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.319:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.320:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.321:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.322:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.323:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.324:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.325:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.326:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.327:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.337:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.342:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.386:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.389:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.393:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.394:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.395:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.396:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.428:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
:mozilla.429:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.435:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.436:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.437:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.438:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.439:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.468:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.523:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.524:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.525:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.561:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.562:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
:mozilla.563:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.577:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.578:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.581:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.619:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Spylog : Cleaned with backup
:mozilla.623:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.624:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.625:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.627:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.633:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.636:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
:mozilla.638:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
:mozilla.643:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.645:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.646:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.647:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.648:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.649:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.650:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.651:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.652:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.653:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.654:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.655:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.656:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.657:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.658:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.659:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.660:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.661:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.662:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.663:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.664:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.665:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.666:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.667:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.668:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
:mozilla.683:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.685:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.686:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.687:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.688:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.689:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.706:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Paycounter : Cleaned with backup
:mozilla.709:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Adengage : Cleaned with backup
:mozilla.710:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Adengage : Cleaned with backup
:mozilla.711:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Adengage : Cleaned with backup
:mozilla.728:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.733:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.734:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.735:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.736:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.737:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.738:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.739:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.740:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.761:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.767:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.768:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.770:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.772:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.773:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.774:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.775:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.776:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.778:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.779:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.795:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Masterstats : Cleaned with backup
:mozilla.854:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.855:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.856:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.857:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.858:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.859:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.860:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.872:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.881:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.884:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.906:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\peg7u0u8.default\cookies.txt -> Spyware.Cookie.Pro-market : Cleaned with backup
:mozilla.907:C:\Documents and Set
  • 0

#6
Perculator

Perculator

    Visiting Staff

  • Member
  • PipPipPip
  • 183 posts
Hello,

Download CleanUp!.
If that doesn’t work, use this link.
But don’t use it yet.

I would advise you to remove
PowerReg Scheduler V3
because it’s not so well known.
  • Open HiJackThis
  • Click on the configure button on the bottom right
  • Click on the tab Open the Misc Tools Session
  • Click on the Box that says "Uninstall Manager"
  • Click on PowerReg Scheduler V3
  • Click on Delete this entry
  • Click Yes
  • Now click back at the right bottom corner of the hijack this screen
  • Then click scan, at the left bottom corner of the hijack this screen
  • Now put a check at the following lines

O4 - HKLM\..\Run: [Windows Taskbar Msngr] C:\WINDOWS\\\\\\\\\\\\\\

O4 - Startup: PowerReg Scheduler V3.exe

Now click Fix Checked
And close hijack this


Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Scan local drives for temporary files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

Once it's done, press Close. Reboot the system. This will remove files that were in use during the scan.

Now go to :
Start
Run

And type
sfc /scannow

note the empty space after sfc

If Windows has finished checking.

See if things work normal again.
Please post another fresh hijack this log.
  • 0

#7
earllove

earllove

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi
Cleanup download and installed but did not run. The same error screen came up as in last post. PowerReg Scheduler V3 was not in the hijack this add/remove programs section but all of the entries you said to fix using hijackthis were removed. I ran sfc /scannow under start-->run and this first time it said some files were infected and to put in my original XP disk which i did. I then restarted and ran the same code again under start-->run and it ran without any windows popping up. I restarted my computer, but when loading i still got the 20+windows saying most of my programs could not initialize and most programs still do not work. Below is my hijackthis log. Thanks ~Mike

Logfile of HijackThis v1.99.1
Scan saved at 2:09:39 AM, on 7/29/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Owner\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKCU\..\Run: [SFP] C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE /s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1104285321546
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,21/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
  • 0

#8
Perculator

Perculator

    Visiting Staff

  • Member
  • PipPipPip
  • 183 posts
* Please rightclick this link to download Silent Runners.
* Save it to the desktop.
* Run Silent Runner's by doubleclicking the "Silent Runners" icon on your desktop.
* You will see a text file appear on the desktop - it's not done yet, just let it run (it won't appear to be doing anything!)
* Once you receive the prompt "All Done!", double-click on the new text file on the desktop and copy that entire log and paste it here.

*NOTE* If you receive any warning message about scripts, please choose to allow the script to run.
For some time it will look like nothing is happening. Just keep waiting.
Once it's done it will create a log. A window will come up telling you when it's saved.


Also do the following

Please go here: Jotti Virus Scan

Click the "browse" button and locate this file:

C:\WINDOWS\System32\wininet.dll

Click "Open", then click the "Submit" button. Copy the results and paste them here
  • 0

#9
earllove

earllove

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hey, here is the results for silent runner, below them will be the results from Jotti. On the Jotti virus scan website i did not include the "statistics" section. Let me know of you need them
Thanks again ~Mike

"Silent Runners.vbs", revision 39, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SFP" = "C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE /s" ["Verizon Internet Solutions"]
"msnmsgr" = ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background" [MS]
"Sonic RecordNow!" = (empty string)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"IgfxTray" = "C:\WINDOWS\System32\igfxtray.exe" ["Intel Corporation"]
"HotKeysCmds" = "C:\WINDOWS\System32\hkcmd.exe" ["Intel Corporation"]
"Dell AIO Printer A940" = ""C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"" ["Dell Computer Corporation"]
"dla" = "C:\WINDOWS\system32\dla\tfswctrl.exe" ["Sonic Solutions"]
"StorageGuard" = ""C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r" ["Sonic Solutions"]
"Motive SmartBridge" = "C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe" ["Motive Communications, Inc."]
"ViewMgr" = "C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe" ["Viewpoint Corporation"]
"VSOCheckTask" = ""c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask" ["McAfee, Inc."]
"VirusScan Online" = ""c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"" ["McAfee, Inc."]
"MCAgentExe" = "c:\PROGRA~1\mcafee.com\agent\mcagent.exe" ["McAfee, Inc"]
"MCUpdateExe" = "C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" ["McAfee, Inc"]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe" ["Sun Microsystems, Inc."]
"iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" ["Apple Computer, Inc."]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"Microsoft Works Update Detection" = "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" ["Microsoft® Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4efb-9B51-7695ECA05670}\(Default) = "Yahoo! Companion BHO" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll" ["Yahoo! Inc."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{5CA3D70E-1895-11CF-8E15-001234567890}\(Default) = "DriveLetterAccess" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\dla\tfswshx.dll" ["Sonic Solutions"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}" = "RecordNow! SendToExt"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Sonic\RecordNow!\shlext.dll" ["Sonic Solutions"]
"{5CA3D70E-1895-11CF-8E15-001234567890}" = "DriveLetterAccess"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\dla\tfswshx.dll" ["Sonic Solutions"]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{596AB062-B4D2-4215-9F74-E9109B0A8153}" = "Previous Versions Property Page"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\twext.dll" [file not found]
"{9DB7A13C-F208-4981-8353-73CC61AE2783}" = "Previous Versions"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\twext.dll" [file not found]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\shellhook.dll" ["TODO: <Firmenname>"]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
QuickFinderMenu\(Default) = "{C0E10002-0028-0004-C0E1-C0E1C0E1C0E1}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WordPerfect Office 11\Programs\PFSE110.DLL" ["Novell, Inc., c/o Corel Corporation Limited"]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


Startup items in "Owner" & "All Users" startup folders:
-------------------------------------------------------

C:\Documents and Settings\Owner\Start Menu\Programs\Startup
"LimeWire On Startup" -> shortcut to: "C:\Program Files\LimeWire\LimeWire.exe -startup" ["Lime Wire, LLC"]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Verizon Online Support Center" -> shortcut to: "C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe -boot" ["Motive Communications, Inc."]


Enabled Scheduled Tasks:
------------------------

"McAfee.com Update Check (FAMILIY-ZI24R3X-Owner)" -> launches: "C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe /Schedule" ["McAfee, Inc"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "Yahoo! Companion" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll" ["Yahoo! Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{BA52B914-B692-46C4-B683-905236F6F655}" = "McAfee VirusScan"
-> {CLSID}\InProcServer32\(Default) = "c:\progra~1\mcafee.com\vso\mcvsshl.dll" ["McAfee, Inc."]

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "Yahoo! Companion" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll" ["Yahoo! Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{AC9E2541-2814-11D5-BC6D-00B0D0A1DE45}\
"ButtonText" = "AIM"
"Exec" = "C:\Program Files\AIM\aim.exe" ["America Online, Inc."]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

ewido security suite control, ewido security suite control, "C:\Program Files\ewido\security suite\ewidoctrl.exe" ["ewido networks"]
LexBce Server, LexBceS, "C:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."]
McAfee.com McShield, McShield, "c:\PROGRA~1\mcafee.com\vso\mcshield.exe" ["Network Associates, Inc."]
McAfee.com VirusScan Online Realtime Engine, MCVSRte, "c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe /Embedding" ["McAfee, Inc"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "Yes" at the first message box.
---------- (total run time: 124 seconds, including 18 seconds for message boxes)






Jotti's malware scan 2.99-TRANSITION_TO_3.00
File to upload & scan: Virus

Service
Service load:
0% 100%
File: wininet.dll
Status:
OK
MD5 ef719e2b67d201e5398103091512173f
Packers detected:
-
Scanner results
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
Fortinet
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
UNA
Found nothing
VBA32
Found nothing
  • 0

#10
Perculator

Perculator

    Visiting Staff

  • Member
  • PipPipPip
  • 183 posts
Download FixO by Miekiemoes and unzip it.
Make sure all the files remain in the unzipped folder.
Click FixO.bat and run it.
When it's finished, press a button and notepad will open with some txt in it.
Copy and paste the content of it in your next reply together with a new hijackthislog.
  • 0

#11
earllove

earllove

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Here it is,


running from ---
C:\Documents and Settings\Owner\Desktop\FixO

StartPAge.O Removal batch 1.00

by miekiemoes

°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°
existing bad files:
-----------------------------------------------------


existing important bad keys:
-----------------------------------------------------


Merging Registry----------


Deleting Files-------------


Searching for files not deleted:
-----------------------------------------------------


Searching for keys not deleted:
-----------------------------------------------------
  • 0

#12
Perculator

Perculator

    Visiting Staff

  • Member
  • PipPipPip
  • 183 posts
Hello

Download CWShredder, open the program and click Check for updates
close the program without using it

Please reboot into Safe Mode.*as soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
*Use the arrow keys to select the Safe mode menu item
*press Enter.
Open CWShredder and click FIX

after the program is finished,

you restart your computer into normal mode


Now run hijack this again post a fresh log on this board and tell me if it helped.

Edited by Perculator, 07 August 2005 - 08:36 AM.

  • 0

#13
earllove

earllove

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
I cant use any programs i download. Very few programs work currently..as in ones i already have..mcafee etc. I can dl cwshredder but i cant open it. Im open to any other suggestions. Thanks ~Mike
  • 0

#14
Perculator

Perculator

    Visiting Staff

  • Member
  • PipPipPip
  • 183 posts
can i see the result of the jottiscan or just do it again, i need to find some clues

maybe you can download the smitrem from the link i gave earlier because the tool have been updated a lot since you were downloading
first throw away the old smitrem to not mix them up

i'll be waiting
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP