
Spyware problems =(

Discussion in 'Virus & Other Malware Removal' started by Trance13, Aug 11, 2006.

  1. Trance13

    Trance13 Thread Starter

    Joined:
    Jun 23, 2006
    Messages:
    12
    Can anyone help me with my spyware problems? I don't have a whole lot, but what I do have affects my computer's performance severely.
     
  2. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,060
    Please do this:

    Click here to download HJTsetup.exe
    • Save HJTsetup.exe to your desktop.
    • Double click on the HJTsetup.exe icon on your desktop.
    • By default it will install to C:\Program Files\Hijack This.
    • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
    • Put a check by Create a desktop icon then click Next again.
    • Continue to follow the rest of the prompts from there.
    • At the final dialogue box click Finish and it will launch Hijack This.
    • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    • Click Save to save the log file and then the log will open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
     
  3. Trance13

    Trance13 Thread Starter

    Joined:
    Jun 23, 2006
    Messages:
    12
    OK, here's my log

    Logfile of HijackThis v1.99.1
    Scan saved at 11:38:03 AM, on 8/11/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\U2lyIFNldGg\command.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wdfmgr.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\thiselt.exe
    C:\WINDOWS\CCZoop05.exe
    C:\WINDOWS\ms061678155535.exe
    C:\WINDOWS\v1201.exe
    C:\Program Files\Xfire\Xfire.exe
    C:\Program Files\Toshiba Web and Support Menu\ToshibaSupport.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
    R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
    O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB57.dll
    O2 - BHO: (no name) - {BBE97366-1BB0-4442-AE4C-F6B2F20BD8D3} - \
    O2 - BHO: (no name) - {EDFA152E-4FDB-CDEE-7BBB-943FAB54EE94} - C:\WINDOWS\ruitcbvf.dll
    O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll
    O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB57.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [pop06apelt] C:\WINDOWS\thiselt.exe
    O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\CCZoop05.exe
    O4 - HKLM\..\Run: [ms061678155535] C:\WINDOWS\ms061678155535.exe
    O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
    O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-110-12-0000169.exe
    O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
    O15 - Trusted Zone: *.elitemediagroup.net
    O15 - Trusted Zone: *.media-motor.net
    O15 - Trusted Zone: *.mmohsix.com
    O15 - Trusted Zone: http://click.getmirar.com (HKLM)
    O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121225076089
    O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/installers/cab/WinAntiVirusPro2006FreeInstall.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - AppInit_DLLs: repairs303169590.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U2lyIFNldGg\command.exe
    O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
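A log like the one above is usually triaged by eye, but the things a helper looks for are mechanical enough to script. The Python below is an added example written for this page; it is not part of HijackThis, not from Cookiegal or the forum, and its rules are the editor's own heuristics rather than HijackThis logic: an executable sitting directly in C:\WINDOWS instead of a subfolder, a Run entry that points at the root of Common Files, a BHO registered with "(no name)", any O15 Trusted Zone addition, any non-empty AppInit_DLLs value, a service with "Unknown owner", and a folder name that decodes as base64 to readable text. The last rule is prompted by this log: the cmdService folder U2lyIFNldGg is base64 for "Sir Seth", the account name that appears in the later scan reports. The sample lines are copied from the posted log with the extraction line-wrapping undone. These heuristics are deliberately conservative and do miss things (the Mirar toolbar DLL WinNB57.dll lives in system32 and passes every path rule), which is why the reply that follows still runs full scanners.

```python
"""Triage a HijackThis-style log with a few path and registry heuristics.

Added example (editor's code, not part of HijackThis or of this thread).
The rules below are the editor's own heuristics, tuned to the posted log.
"""
import base64
import re

# Constructed sample: lines copied from the HijackThis 1.99.1 log posted
# above, with extraction line-wrapping undone. Each entry is "Oxx - body".
SAMPLE_LOG = r"""
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB57.dll
O2 - BHO: (no name) - {EDFA152E-4FDB-CDEE-7BBB-943FAB54EE94} - C:\WINDOWS\ruitcbvf.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [pop06apelt] C:\WINDOWS\thiselt.exe
O4 - HKLM\..\Run: [ms061678155535] C:\WINDOWS\ms061678155535.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-110-12-0000169.exe
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O20 - AppInit_DLLs: repairs303169590.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U2lyIFNldGg\command.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

ENTRY = re.compile(r"^(R\d|O\d+)\s+-\s+(.*)$")          # "O4 - body"
WIN_PATH = re.compile(r'([A-Za-z]:\\[^"]+?\.(?:exe|dll|ocx))', re.I)
WINDOWS_ROOT = re.compile(r"^[a-z]:\\windows\\[^\\]+\.(?:exe|dll)$", re.I)
COMMON_FILES_ROOT = re.compile(r"^[a-z]:\\program files\\common files\\[^\\]+\.exe$", re.I)
BASE64_TOKEN = re.compile(r"[A-Za-z0-9+/]{8,}")


def decode_base64_text(token):
    """Return the decoded string if token is base64 of printable ASCII, else None.

    Padding is re-added because folder names cannot contain '='.
    """
    if not BASE64_TOKEN.fullmatch(token):
        return None
    try:
        raw = base64.b64decode(token + "=" * (-len(token) % 4), validate=True)
    except ValueError:          # binascii.Error is a ValueError subclass
        return None
    if raw and all(32 <= b < 127 for b in raw):
        return raw.decode("ascii")
    return None


def triage_line(line):
    """Return the reasons one log entry deserves a closer look ([] = nothing found)."""
    entry = ENTRY.match(line.strip())
    if not entry:
        return []
    section, body = entry.groups()
    reasons = []
    path_match = WIN_PATH.search(body)
    path = path_match.group(1) if path_match else None

    if section == "O2" and "(no name)" in body:
        reasons.append("BHO registered without a name")
    if path and section in ("O2", "O3", "O4", "O23"):
        if WINDOWS_ROOT.match(path):
            reasons.append("binary dropped directly into the Windows folder")
        if COMMON_FILES_ROOT.match(path):
            reasons.append("executable dropped directly into Common Files")
        for folder in path.split("\\")[1:-1]:     # skip drive letter and file name
            decoded = decode_base64_text(folder)
            if decoded:
                reasons.append(f"folder name {folder} is base64 for {decoded!r}")
    if section == "O15":
        reasons.append("site added to the IE Trusted Zone, which relaxes ActiveX/scripting limits")
    if section == "O20" and body.startswith("AppInit_DLLs:") and body.split(":", 1)[1].strip():
        reasons.append("AppInit_DLLs injects a DLL into every process that loads user32.dll")
    if section == "O23" and "Unknown owner" in body:
        reasons.append("service binary carries no publisher information")
    return reasons


def triage_log(text):
    """Map each suspicious entry to its reasons; entries with no findings are omitted."""
    findings = {}
    for line in text.splitlines():
        reasons = triage_line(line)
        if reasons:
            findings[line.strip()] = reasons
    return findings


if __name__ == "__main__":
    for entry, reasons in triage_log(SAMPLE_LOG).items():
        print(entry)
        for reason in reasons:
            print("    ->", reason)
```

Run as-is it prints eight of the twelve sample entries with their reasons; the NVIDIA driver service, the NvCplDaemon Run entry, the MSN Messenger Run entry and the system32 toolbar DLL come out clean. The base64 check needs the printable-ASCII filter: ordinary names such as "system32" are valid base64 characters but decode to binary noise and are not reported.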
     
  4. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,060
    Download Brute Force Uninstaller to your desktop.
    • Right click the file on your Desktop, and choose Extract All.
    • Click Next.
    • In the box to choose where to extract the files to:
    • Click Browse.
    • Click on the + sign next to My Computer
    • Click on Local Disk C: or whatever your primary drive is.
    • Click Make New Folder
    • Type in BFU
    • Click Next, and uncheck the Show Extracted Files box and then click Finish.
    Download sidekickFix.bat (right-click on that link and choose Save As)
    • Place sidekickFix.bat in your C:\BFU folder. (Important!)
    • Close all browsers and explorer folders.
    • Double-click on sidekickFix.bat
    • Click Yes and follow the prompts, when prompted to restart the PC please do so.


    Download the trial version of Ewido Anti-spyware from HERE and save that file to your desktop. When the trial period expires it becomes freeware with reduced functions but still worth keeping.



    • Once you have downloaded Ewido Anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
    • Once the setup is complete you will need to run Ewido and update the definition files.
    • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    • Once in the Settings screen click on "Recommended actions" and then select "Quarantine"
    • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"

    Close Ewido Anti-spyware. Do NOT run a scan yet. We will do that later in Safe Mode.


    • Reboot your computer into Safe Mode now. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
      IMPORTANT: Do not open any other windows or programs while Ewido is scanning as it may interfere with the scanning process:
    • Launch Ewido Anti-spyware by double-clicking the icon on your desktop.
    • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    • Ewido will now begin the scanning process. Be patient this may take a little time.
      Once the scan is complete do the following:
    • If you have any infections you will be prompted; then select "Apply all actions"
    • Next select the "Reports" icon at the top.
    • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    • Close Ewido and reboot your system back into Normal Mode.


    Please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report


    Come back here and post a new HijackThis log along with the logs from the Ewido and Panda scans.


    When posting your next HijackThis log be sure that "word wrap" is turned off in Notepad under "format".
     
  5. Trance13

    Trance13 Thread Starter

    Joined:
    Jun 23, 2006
    Messages:
    12
    Here's the ActiveScan:


    Incident Status Location

    Adware:adware/shorty Not disinfected c:\program files\common files\services.exe
    Adware:adware/commad Not disinfected c:\windows\system32\atmtd.dll
    Adware:adware/securityerror Not disinfected C:\Documents and Settings\Sir Seth\Favorites\Antivirus Test Online.url
    Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\Sir Seth\Local Settings\Temporary Internet Files\Ssk.log
    Adware:adware/dollarrevenue Not disinfected c:\windows\drsmartload2.dat
    Adware:adware/maxifiles Not disinfected c:\program files\common files\InetGet
    Adware:adware/ist.istbar Not disinfected c:\program files\common files\Totem Shared
    Adware:adware/deskwizz Not disinfected Windows Registry
    Adware:adware/popper Not disinfected Windows Registry
    Adware:adware/ucontrol Not disinfected Windows Registry
    Adware:adware/mirar Not disinfected Windows Registry
    Adware:adware/powerstrip Not disinfected Windows Registry
    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt[.statcounter.com/]
    Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt[.maxserving.com/]
    Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt[adserver.filefront.com/]
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt[.realmedia.com/]
    Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt[.adultfriendfinder.com/]
    Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt[.adopt.hbmediapro.com/]
    Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt[.webpower.com/]
    Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt[.toplist.cz/]
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt[.belnk.com/]
    Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt[.888.com/]
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt[.atwola.com/]
    Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt[.entrepreneur.com/]
    Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt[.bravenet.com/]
    Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\Sir Seth\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3c936701-114acfca.zip[javainstaller/InstallerApplet.class]
    Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][1].txt
    Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][2].txt
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][2].txt
    Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][2].txt
    Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][2].txt
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][2].txt
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][1].txt
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][1].txt
    Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][1].txt
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][2].txt
    Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][2].txt
    Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][1].txt
    Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][1].txt
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][1].txt
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][1].txt
    Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][2].txt
    Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][2].txt
    Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][2].txt
    Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][1].txt
    Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][2].txt
    Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][2].txt
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][1].txt
    Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][2].txt
    Spyware:Cookie/TargetSaver Not disinfected C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][2].txt
    Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][2].txt
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][2].txt
    Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][1].txt
    Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][2].txt
     
  6. Trance13

    Trance13 Thread Starter

    Joined:
    Jun 23, 2006
    Messages:
    12
    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 2:04:49 PM 8/11/2006

    + Scan result:



    C:\Documents and Settings\Sir Seth\Local Settings\Temporary Internet Files\Content.IE5\FYNFJZ0P\thiselt[1].exe -> Adware.Agent : No action taken.
    C:\Documents and Settings\Sir Seth\Application Data\аssembly\chkntfs.exe -> Adware.ClickSpring : No action taken.
    C:\Program Files\Common Files\services.exe -> Adware.Maxifiles : No action taken.
    C:\Program Files\DNS\Catcher.dll -> Adware.Maxifiles : No action taken.
    C:\Program Files\DNS\cwebpage.dll -> Adware.Maxifiles : No action taken.
    C:\Documents and Settings\Sir Seth\Local Settings\Temporary Internet Files\Content.IE5\J8L1537E\em[1].ocx -> Adware.MediaMotor : No action taken.
    C:\WINDOWS\em.ocx -> Adware.MediaMotor : No action taken.
    C:\Documents and Settings\Sir Seth\Local Settings\Temporary Internet Files\Content.IE5\BRPBCGE9\876057[1].exe -> Adware.Mirar : No action taken.
    C:\Documents and Settings\Sir Seth\Local Settings\Temporary Internet Files\Content.IE5\J8L1537E\WinATS[1].cab/WinATS.dll -> Adware.Mirar : No action taken.
    C:\WINDOWS\876057.exe -> Adware.Mirar : No action taken.
    C:\WINDOWS\system32\WinATS.dll -> Adware.Mirar : No action taken.
    C:\WINDOWS\system32\WinDmy.dll -> Adware.Mirar : No action taken.
    C:\WINDOWS\system32\WinNB57.dll -> Adware.Mirar : No action taken.
    HKU\.DEFAULT\Software\New.net -> Adware.NewDotNet : No action taken.
    HKU\S-1-5-18\Software\New.net -> Adware.NewDotNet : No action taken.
    HKU\S-1-5-21-3402799377-2704883870-4021508746-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : No action taken.
    C:\WINDOWS\system32\rk.exe -> Adware.RK : No action taken.
    HKLM\SOFTWARE\Classes\CLSID\{FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} -> Adware.Shorty : No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} -> Adware.Shorty : No action taken.
    HKU\S-1-5-21-3402799377-2704883870-4021508746-1005\Software\DNS -> Adware.Shorty : No action taken.
    HKU\S-1-5-21-3402799377-2704883870-4021508746-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFF4E223-7019-4CE7-BE03-D7D3C8CCE884} -> Adware.Shorty : No action taken.
    C:\Documents and Settings\Sir Seth\Local Settings\Temporary Internet Files\Content.IE5\FYNFJZ0P\111[1].avi -> Backdoor.Small : No action taken.
    C:\Documents and Settings\Sir Seth\My Documents\eltadperf.exe -> Backdoor.Small : No action taken.
    C:\Documents and Settings\Sir Seth\Local Settings\Temporary Internet Files\Content.IE5\J8L1537E\al3[1].txt -> Downloader.Small : No action taken.
    C:\WINDOWS\system32\w0be43cf.dll -> Downloader.Small : No action taken.
    C:\WINDOWS\ruitcbvf.dll -> Downloader.Small.ajc : No action taken.
    C:\Documents and Settings\Sir Seth\Local Settings\Temporary Internet Files\Content.IE5\O4MDHUH8\104[1].avi -> Downloader.Small.buy : No action taken.
    C:\Documents and Settings\Sir Seth\Local Settings\Temporary Internet Files\Content.IE5\O4MDHUH8\idlemg[1].exe -> Downloader.Small.buy : No action taken.
    C:\WINDOWS\idlemg.exe -> Downloader.Small.buy : No action taken.
    C:\VSL.dl_ -> Downloader.Small.ctp : No action taken.
    C:\WINDOWS\unin101.exe -> Downloader.VB.tw : No action taken.
    C:\Documents and Settings\Sir Seth\Local Settings\Temporary Internet Files\Content.IE5\O4MDHUH8\comscore[1].exe -> Dropper.Agent.hl : No action taken.
    C:\WINDOWS\comscore.exe -> Dropper.Agent.hl : No action taken.
    C:\Documents and Settings\Sir Seth\Local Settings\Temporary Internet Files\Content.IE5\FYNFJZ0P\ss1205[1].exe -> Dropper.Small.qn : No action taken.
    C:\WINDOWS\ss1205.exe -> Dropper.Small.qn : No action taken.
    C:\Documents and Settings\Sir Seth\Local Settings\Temporary Internet Files\Content.IE5\O4MDHUH8\v1201[1].exe -> Hijacker.Small : No action taken.
    C:\Documents and Settings\Sir Seth\Local Settings\Temporary Internet Files\Content.IE5\BRPBCGE9\wallpap[1].exe -> Hijacker.Small.jf : No action taken.
    C:\Program Files\html1.htm -> Hijacker.Small.jf : No action taken.
    C:\Program Files\html2.htm -> Hijacker.Small.jf : No action taken.
    C:\Documents and Settings\Sir Seth\Local Settings\Temporary Internet Files\Content.IE5\O4MDHUH8\WinAntiVirusPro2006FreeInstall[1].cab/UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : No action taken.
    C:\Program Files\Network Monitor\netmon.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : No action taken.
    :mozilla.100:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.101:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.104:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.326:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.343:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.97:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.98:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.99:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][1].txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.205:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
    :mozilla.207:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
    :mozilla.208:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
    :mozilla.209:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
    :mozilla.210:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
    :mozilla.211:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
    :mozilla.476:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
    C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][1].txt -> TrackingCookie.Addynamix : No action taken.
    :mozilla.129:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
    :mozilla.130:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
    :mozilla.131:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
    :mozilla.132:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
    :mozilla.133:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
    C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][3].txt -> TrackingCookie.Adrevolver : No action taken.
    C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][2].txt -> TrackingCookie.Adtrak : No action taken.
    :mozilla.252:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
    :mozilla.253:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
    :mozilla.255:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
    :mozilla.256:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
    C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][1].txt -> TrackingCookie.Advertising : No action taken.
    :mozilla.27:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
    C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][2].txt -> TrackingCookie.Atdmt : No action taken.
    C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][1].txt -> TrackingCookie.Bluestreak : No action taken.
    :mozilla.26:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Burstbeacon : No action taken.
    :mozilla.28:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
    :mozilla.29:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
    :mozilla.30:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
    :mozilla.31:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
    :mozilla.321:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
    C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][2].txt -> TrackingCookie.Casalemedia : No action taken.
    :mozilla.156:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Clickbank : No action taken.
    :mozilla.441:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Clickhype : No action taken.
    :mozilla.243:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Com : No action taken.
    :mozilla.373:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Coremetrics : No action taken.
    :mozilla.123:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Cpvfeed : No action taken.
    C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][2].txt -> TrackingCookie.Cpvfeed : No action taken.
    :mozilla.298:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Cqcounter : No action taken.
    :mozilla.36:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
    C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][2].txt -> TrackingCookie.Doubleclick : No action taken.
    C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][1].txt -> TrackingCookie.Enhance : No action taken.
    :mozilla.316:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
    C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][2].txt -> TrackingCookie.Euroclick : No action taken.
    :mozilla.389:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
    C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][1].txt -> TrackingCookie.Falkag : No action taken.
    :mozilla.84:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
    :mozilla.85:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
    :mozilla.90:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
    :mozilla.91:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
    :mozilla.150:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Findwhat : No action taken.
    :mozilla.126:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Goclick : No action taken.
    :mozilla.127:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Goclick : No action taken.
    :mozilla.202:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
    :mozilla.216:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
    :mozilla.456:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
    :mozilla.59:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
    :mozilla.60:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
    :mozilla.61:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
    :mozilla.62:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
    C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][2].txt -> TrackingCookie.Kmpads : No action taken.
    C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][1].txt -> TrackingCookie.Liveperson : No action taken.
    :mozilla.54:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
    C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][1].txt -> TrackingCookie.Mediaplex : No action taken.
    C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][1].txt -> TrackingCookie.Myaffiliateprogram : No action taken.
    :mozilla.361:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Ne : No action taken.
    :mozilla.322:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Onestat : No action taken.
    :mozilla.323:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Onestat : No action taken.
    :mozilla.324:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Onestat : No action taken.
    C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][1].txt -> TrackingCookie.Overture : No action taken.
    :mozilla.146:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
    :mozilla.147:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
    :mozilla.148:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
    :mozilla.116:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
    :mozilla.117:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
    :mozilla.118:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
    :mozilla.119:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
    :mozilla.120:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
    C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][1].txt -> TrackingCookie.Reliablestats : No action taken.
    C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][2].txt -> TrackingCookie.Revenue : No action taken.
    :mozilla.217:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
    :mozilla.219:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
    C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][2].txt -> TrackingCookie.Ru4 : No action taken.
    C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][1].txt -> TrackingCookie.Searchingbooth : No action taken.
    C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][1].txt -> TrackingCookie.Searchingbooth : No action taken.
    :mozilla.191:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
    :mozilla.192:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
    :mozilla.193:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
    :mozilla.194:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
    :mozilla.270:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
    :mozilla.271:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
    :mozilla.272:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
    :mozilla.273:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
    :mozilla.274:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
    :mozilla.275:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
    :mozilla.276:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
    :mozilla.277:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
    :mozilla.278:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
    :mozilla.279:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
    :mozilla.280:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
    :mozilla.281:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
    :mozilla.282:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
    :mozilla.283:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
    :mozilla.284:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
    :mozilla.285:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
    :mozilla.286:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
    :mozilla.287:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
    :mozilla.288:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
    :mozilla.289:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
    :mozilla.290:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
    :mozilla.291:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
    :mozilla.304:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Sexlist : No action taken.
    :mozilla.305:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Sexlist : No action taken.
    :mozilla.306:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Sexlist : No action taken.
    :mozilla.393:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
    :mozilla.394:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
    :mozilla.328:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
    C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][2].txt -> TrackingCookie.Specificclick : No action taken.
    :mozilla.18:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.19:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.20:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.21:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.22:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.23:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.24:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.25:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.8:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
    C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][2].txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.139:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
    :mozilla.140:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
    C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][2].txt -> TrackingCookie.Tacoda : No action taken.
    C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][2].txt -> TrackingCookie.Tacoda : No action taken.
    C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][1].txt -> TrackingCookie.Tacoda : No action taken.
    C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][1].txt -> TrackingCookie.Top-banners : No action taken.
    :mozilla.447:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
    :mozilla.448:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
    C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][2].txt -> TrackingCookie.Trafficmp : No action taken.
    :mozilla.48:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
    :mozilla.49:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
    :mozilla.402:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Valueclick : No action taken.
    :mozilla.314:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Webtrendslive : No action taken.
    :mozilla.134:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
    :mozilla.135:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
    :mozilla.136:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
    :mozilla.137:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
    :mozilla.138:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
    C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][1].txt -> TrackingCookie.Yieldmanager : No action taken.
    C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][1].txt -> TrackingCookie.Yieldmanager : No action taken.
    :mozilla.57:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
    :mozilla.58:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
    :mozilla.63:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
    :mozilla.64:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
    :mozilla.65:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
    C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][1].txt -> TrackingCookie.Zedo : No action taken.
    C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][1].txt -> TrackingCookie.Zedo : No action taken.
    C:\WINDOWS\system32\1024 -> Trojan.Small : No action taken.
    C:\WINDOWS\system32\1024\ld4825.tmp -> Trojan.Small : No action taken.
    C:\WINDOWS\system32\1024\ldD2F8.tmp -> Trojan.Small : No action taken.


    ::Report end
     
  7. Trance13

    Trance13 Thread Starter

    Joined:
    Jun 23, 2006
    Messages:
    12
    Logfile of HijackThis v1.99.1
    Scan saved at 2:49:44 PM, on 8/11/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ms055167815553.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\WINDOWS\Duce6.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Xfire\Xfire.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
    O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB57.dll (file missing)
    O2 - BHO: (no name) - {BBE97366-1BB0-4442-AE4C-F6B2F20BD8D3} - \
    O2 - BHO: (no name) - {EDFA152E-4FDB-CDEE-7BBB-943FAB54EE94} - C:\WINDOWS\ruitcbvf.dll (file missing)
    O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll (file missing)
    O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB57.dll (file missing)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [ms055167815553] C:\WINDOWS\ms055167815553.exe
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-110-12-0000169.exe
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
    O15 - Trusted Zone: *.elitemediagroup.net
    O15 - Trusted Zone: *.media-motor.net
    O15 - Trusted Zone: *.mmohsix.com
    O15 - Trusted Zone: http://click.getmirar.com (HKLM)
    O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121225076089
    O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/installers/cab/WinAntiVirusPro2006FreeInstall.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U2lyIFNldGg\command.exe (file missing)
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
     
  8. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,060
    You need to run Ewido again and follow my instructions carefully so it quarantines those entries that it did not act on.

    Then run Panda again as it has picked up stuff that Ewido would have removed.


    Then please do this:

    Please download SmitfraudFix (by S!Ri)

    Extract (unzip) the content (a folder named SmitfraudFix) to your Desktop. This is imperative for the tool to function properly. If using a utility such as winzip you will have to direct it there as it will not unzip to the desktop by default. The destination location should look like this (C: being your primary drive): C:\Documents and Settings\User\Desktop\SmitfraudFix

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
    Please copy/paste the content of that report into your next reply.

    Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
    http://www.beyondlogic.org/consulting/proc...processutil.htm


    Post a new HijackThis log along with the new Ewido scan log, the new Panda scanlog and the log from smitfraudfix.
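    Cookiegal's point is that anything the scanner marked "No action taken" is still on the machine. As an added example (not part of this thread, and not code from ewido or any other tool mentioned here), the Python script below parses the ewido report format posted above and separates the unresolved non-cookie detections, which matter most, from the tracking cookies; the sample report, user name, profile id and registry key in it are constructed.

```python
"""Triage an ewido anti-spyware scan report.

Each result line in the report has the shape
    <location> -> <Detection.Name> : <status>.
where <location> is a file path, a registry key, or ':mozilla.N:<path>' for
entry N inside a Firefox cookies.txt.  Lines that do not fit that shape
(report header, blank lines, '::Report end') are skipped.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the ewido report format; the Windows user name,
# Firefox profile id, cookie file and CLSID are placeholders, not real data.
SAMPLE_REPORT = r"""
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:59:21 PM 8/12/2006

+ Scan result:

:mozilla.156:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\abcd1234.default\cookies.txt -> TrackingCookie.Clickbank : No action taken.
C:\Documents and Settings\User\Cookies\user@doubleclick[2].txt -> TrackingCookie.Doubleclick : No action taken.
C:\WINDOWS\system32\1024 -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld4825.tmp -> Trojan.Small : No action taken.
C:\Program Files\DNS\cwebpage.dll -> Adware.Maxifiles : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000000} -> Adware.Shorty : Cleaned with backup (quarantined).

::Report end
"""

# "<location> -> <Detection> : <status>." with the trailing period optional.
RESULT_LINE = re.compile(r"^(?P<loc>.+?) -> (?P<det>[^:]+?) : (?P<status>.+?)\.?\s*$")
# Firefox cookie jar entries are prefixed with the entry number in cookies.txt.
MOZILLA_PREFIX = re.compile(r"^:mozilla\.(?P<idx>\d+):(?P<path>.+)$")


@dataclass(frozen=True)
class Finding:
    location: str                        # file path, registry key or cookies.txt path
    detection: str                       # e.g. "Trojan.Small"
    status: str                          # e.g. "No action taken"
    cookie_index: Optional[int] = None   # entry number inside a Firefox cookies.txt

    @property
    def family(self) -> str:
        """Detection family, the part before the first dot (TrackingCookie, Trojan, ...)."""
        return self.detection.split(".", 1)[0]

    @property
    def unresolved(self) -> bool:
        """True when the scanner found the item but did nothing about it."""
        return self.status.startswith("No action taken")


def parse_report(text: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in text.splitlines():
        m = RESULT_LINE.match(raw.strip())
        if not m:
            continue  # header, blank line or report trailer
        loc, idx = m.group("loc"), None
        moz = MOZILLA_PREFIX.match(loc)
        if moz:
            idx = int(moz.group("idx"))
            loc = moz.group("path")
        findings.append(Finding(loc, m.group("det"), m.group("status"), idx))
    return findings


def report_is_complete(text: str) -> bool:
    """A pasted log without the trailer was probably cut off in the post."""
    return "::Report end" in text


def triage(findings: List[Finding]) -> dict:
    """Split what still needs attention from what the scanner already handled."""
    unresolved = [f for f in findings if f.unresolved]
    cookies = [f for f in unresolved if f.family == "TrackingCookie"]
    others = [f for f in unresolved if f.family != "TrackingCookie"]
    return {
        "by_status": Counter(f.status for f in findings),
        "unresolved_cookie_count": len(cookies),
        # Non-cookie items left in place (e.g. Trojan.Small) are the priority.
        "unresolved_other": [(f.location, f.detection) for f in others],
    }


if __name__ == "__main__":
    result = triage(parse_report(SAMPLE_REPORT))
    print("complete:", report_is_complete(SAMPLE_REPORT))
    print("by status:", dict(result["by_status"]))
    print("unresolved cookies:", result["unresolved_cookie_count"])
    for location, detection in result["unresolved_other"]:
        print("STILL PRESENT:", detection, "at", location)
```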
     
  9. Trance13

    Trance13 Thread Starter

    Joined:
    Jun 23, 2006
    Messages:
    12
    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 7:59:21 PM 8/12/2006

    + Scan result:



    C:\Program Files\Common Files\services.exe -> Adware.Maxifiles : Cleaned with backup (quarantined).
    C:\Program Files\DNS\cwebpage.dll -> Adware.Maxifiles : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\CLSID\{FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} -> Adware.Shorty : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} -> Adware.Shorty : Cleaned with backup (quarantined).
    HKU\S-1-5-21-3402799377-2704883870-4021508746-1005\Software\DNS -> Adware.Shorty : Cleaned with backup (quarantined).
    HKU\S-1-5-21-3402799377-2704883870-4021508746-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFF4E223-7019-4CE7-BE03-D7D3C8CCE884} -> Adware.Shorty : Cleaned with backup (quarantined).
    C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
    C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][1].txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
    C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
    C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][2].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
    C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][2].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
    C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][1].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][1].txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
    :mozilla.10:C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][2].txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][2].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][2].txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
    C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
    C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][2].txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
    C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][2].txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).


    ::Report end
     
  10. Trance13

    Trance13 Thread Starter

    Joined:
    Jun 23, 2006
    Messages:
    12
    Incident Status Location

    Adware:adware/shorty Not disinfected c:\program files\common files\services.exe
    Adware:adware/commad Not disinfected c:\windows\system32\atmtd.dll
    Adware:adware/securityerror Not disinfected C:\Documents and Settings\Sir Seth\Favorites\Antivirus Test Online.url
    Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\Sir Seth\Local Settings\Temporary Internet Files\Ssk.log
    Adware:adware/dollarrevenue Not disinfected c:\windows\drsmartload2.dat
    Adware:adware/maxifiles Not disinfected c:\program files\common files\InetGet
    Adware:adware/ist.istbar Not disinfected c:\program files\common files\Totem Shared
    Adware:adware/deskwizz Not disinfected Windows Registry
    Adware:adware/popper Not disinfected Windows Registry
    Adware:adware/ucontrol Not disinfected Windows Registry
    Adware:adware/mirar Not disinfected Windows Registry
    Adware:adware/powerstrip Not disinfected Windows Registry
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\Cache\633285D9d01[SmitfraudFix/Process.exe]
    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt[.statcounter.com/]
    Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt[.maxserving.com/]
    Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt[adserver.filefront.com/]
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt[.realmedia.com/]
    Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt[.adultfriendfinder.com/]
    Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt[.adopt.hbmediapro.com/]
    Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt[.webpower.com/]
    Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt[.toplist.cz/]
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt[.belnk.com/]
    Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt[.888.com/]
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt[.atwola.com/]
    Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt[.entrepreneur.com/]
    Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Sir Seth\Application Data\Mozilla\Firefox\Profiles\e5j3ecp3.default\cookies.txt[.bravenet.com/]
    Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\Sir Seth\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3c936701-114acfca.zip[javainstaller/InstallerApplet.class]
    Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][1].txt
    Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][2].txt
    Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][2].txt
    Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][2].txt
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][1].txt
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][1].txt
    Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][1].txt
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][2].txt
    Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][1].txt
    Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][1].txt
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][1].txt
    Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][2].txt
    Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][2].txt
    Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][1].txt
    Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][2].txt
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][2].txt
    Spyware:Cookie/TargetSaver Not disinfected C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][2].txt
    Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Sir Seth\Cookies\sir [email protected][1].txt
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Sir Seth\Desktop\SmitfraudFix.zip[SmitfraudFix/Process.exe]
     
  11. Trance13

    Trance13 Thread Starter

    Joined:
    Jun 23, 2006
    Messages:
    12
    SmitFraudFix v2.81

    Scan done at 20:22:15.41, Sat 08/12/2006
    Run from C:\Documents and Settings\Sir Seth\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    Fix ran in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    C:\WINDOWS\drsmartload2.dat FOUND !
    C:\WINDOWS\newname.dat FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    C:\WINDOWS\system32\hp???.tmp FOUND !
    C:\WINDOWS\system32\hp????.tmp FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Sir Seth\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\SIRSET~1\FAVORI~1

    C:\DOCUME~1\SIRSET~1\FAVORI~1\Antivirus Test Online.url FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
     
  12. Trance13

    Trance13 Thread Starter

    Joined:
    Jun 23, 2006
    Messages:
    12
    Logfile of HijackThis v1.99.1
    Scan saved at 8:23:20 PM, on 8/12/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ms055167815553.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\WINDOWS\Duce6.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
    O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB57.dll (file missing)
    O2 - BHO: (no name) - {BBE97366-1BB0-4442-AE4C-F6B2F20BD8D3} - \
    O2 - BHO: (no name) - {EDFA152E-4FDB-CDEE-7BBB-943FAB54EE94} - C:\WINDOWS\ruitcbvf.dll (file missing)
    O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll (file missing)
    O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB57.dll (file missing)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [ms055167815553] C:\WINDOWS\ms055167815553.exe
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-110-12-0000169.exe
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
    O15 - Trusted Zone: *.elitemediagroup.net
    O15 - Trusted Zone: *.media-motor.net
    O15 - Trusted Zone: *.mmohsix.com
    O15 - Trusted Zone: http://click.getmirar.com (HKLM)
    O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121225076089
    O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/installers/cab/WinAntiVirusPro2006FreeInstall.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U2lyIFNldGg\command.exe (file missing)
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
     
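The HijackThis log above is the raw material a helper works from, and the same checks can be scripted. What follows is an added example, not code from the thread, from Cookiegal, or from the HijackThis project: a small triage script that parses lines in HijackThis 1.99.1 format and flags the generic patterns a reviewer looks at first (an O4 autorun executable sitting directly in the Windows directory, any O15 Trusted Zone entry, an O16 ActiveX download from a host outside a small allowlist, an O23 service with no owner or a missing file, and a directory name that base64-decodes to readable text). The sample lines are copied from the posted log; the allowlist of expected O16 hosts is an assumption for the example. The output is a list of leads to look at, not a verdict on any entry.

```python
import base64
import binascii
import re
from urllib.parse import urlparse

# Constructed sample: a few lines in HijackThis 1.99.1 format, copied from
# the log posted in this thread so the heuristics run on realistic input.
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\\..\\Run: [ms055167815553] C:\\WINDOWS\\ms055167815553.exe
O4 - HKLM\\..\\Run: [TheMonitor] C:\\WINDOWS\\Duce6.exe
O4 - HKCU\\..\\Run: [msnmsgr] "C:\\Program Files\\MSN Messenger\\msnmsgr.exe" /background
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121225076089
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/files/installers/cab/WinAntiVirusPro2006FreeInstall.cab
O23 - Service: Command Service (cmdService) - Unknown owner - C:\\WINDOWS\\U2lyIFNldGg\\command.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\System32\\nvsvc32.exe
"""

# Hosts from which O16 ActiveX downloads are expected on this machine.
# Assumption for this example, not a published list.
KNOWN_DPF_HOSTS = {"update.microsoft.com", "messenger.zone.msn.com"}

ENTRY_RE = re.compile(r"^([ORFN]\d+) - (.*)$")
# An .exe directly under the Windows directory, with no subfolder in between.
WINDIR_ROOT_EXE_RE = re.compile(r"^[A-Za-z]:\\WINDOWS\\[^\\]+\.exe$", re.IGNORECASE)
# Unpadded base64 alphabet, long enough that ordinary folder names rarely match.
B64_TOKEN_RE = re.compile(r"^[A-Za-z0-9+/]{10,}$")


def parse_hjt(text):
    """Split a HijackThis log into (section, body) pairs; header lines are ignored."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def extract_paths(body):
    """Pull Windows paths out of an entry body, honouring quoted paths with spaces."""
    return [quoted or bare
            for quoted, bare in re.findall(r'"([A-Za-z]:\\[^"]+)"|([A-Za-z]:\\\S+)', body)]


def decode_base64_name(token):
    """Return the decoded text if `token` is unpadded base64 of printable ASCII, else None."""
    if not B64_TOKEN_RE.match(token) or len(token) % 4 == 1:
        return None
    padded = token + "=" * (-len(token) % 4)
    try:
        text = base64.b64decode(padded, validate=True).decode("ascii")
    except (binascii.Error, ValueError, UnicodeDecodeError):
        return None
    return text if text and text.isprintable() else None


def triage(text):
    """Apply generic HijackThis heuristics; returns (section, reason, body) leads."""
    findings = []
    for section, body in parse_hjt(text):
        reasons = []
        paths = extract_paths(body)
        if section == "O4" and any(WINDIR_ROOT_EXE_RE.match(p) for p in paths):
            reasons.append("autorun executable placed directly in the Windows directory")
        elif section == "O15":
            reasons.append("site added to the IE Trusted Zone (relaxed ActiveX/scripting controls)")
        elif section == "O16":
            for url in re.findall(r"https?://\S+", body):
                host = urlparse(url).hostname or ""
                if host not in KNOWN_DPF_HOSTS:
                    reasons.append(f"ActiveX download from unexpected host {host}")
        elif section == "O23" and "Unknown owner" in body:
            reasons.append("service with no vendor/owner")
        if "(file missing)" in body and section in {"O2", "O3", "O23"}:
            reasons.append("registered component whose file is missing (possibly partially removed)")
        for p in paths:
            # Directory components only: skip the drive letter and the file name.
            for component in p.split("\\")[1:-1]:
                decoded = decode_base64_name(component)
                if decoded:
                    reasons.append(f"directory name {component!r} is base64 for {decoded!r}")
        findings.extend((section, r, body) for r in reasons)
    return findings


if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"{section}: {reason}\n    {body}")
```

Run against the sample, the script leaves the NVIDIA, MSN Messenger and Windows Update lines alone and reports the two Windows-directory autoruns, both Trusted Zone entries, the winsoftware.com ActiveX download, and the cmdService entry three times: no owner, file missing, and a folder name that decodes to the user's own account name. That last pattern is worth knowing: a base64 folder named after the logged-on user is not something a legitimate installer does.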
  13. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,060
    You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

    Next, please reboot your computer in Safe Mode by doing the following:
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.
    Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
    Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

    You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

    The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

    A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new HijackThis log.

    The report can also be found at the root of the system drive, usually at C:\rapport.txt

    Warning: running option #2 on a non-infected computer will remove your Desktop background.
     
Short URL to this thread: https://techguy.org/491415
