need a little help with pop up plz
Member
11. June 2006 @ 11:19
Pop-ups, damn things. I get pop-ups when my Firefox is off. Here is a HijackThis log; could anyone see the problem and help me plz


Logfile of HijackThis v1.99.1
Scan saved at 20:16:18, on 11/06/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\lvhidsvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\WeatherStudio Desktop\WeatherStudio Desktop.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Nokia\PC Suite for Nokia 6600\connmngmntbox.exe
C:\Program Files\Nokia\PC Suite for Nokia 6600\ectaskscheduler.exe
C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\DAVE&R~1\LOCALS~1\Temp\Rar$EX02.131\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.weatherstudio.com/dp/search?x=wKX1ILEOi+Vh7AfA98Gm4Me69...
O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\System32\hp101.tmp
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: WeatherStudio - {849CC480-5983-4D30-A12C-774E8E8D8291} - C:\Program Files\WeatherStudio\bin\WeatherStudio.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: WeatherStudio - {C6139A57-16FB-4FA4-8045-A847FBFFD695} - C:\Program Files\WeatherStudio\bin\WeatherStudio.dll
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [WeatherStudio Desktop] "C:\Program Files\WeatherStudio Desktop\WeatherStudio Desktop.exe"
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - Global Startup: PCSuiteForNokia6600 Detect.lnk = ?
O4 - Global Startup: PCSuiteForNokia6600 TS.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {90F7E144-984F-4FA6-83A7-C9C8DCB9974C} (RSActiveXObj Control) - http://www.radarsync.com/RSActiveX.ocx
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://207.226.177.98/dba2218.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Remote HID Service (LvHidSvc) - Philips - C:\WINDOWS\System32\lvhidsvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe



C:/DOS C:/DOS/RUN RUN/DOS/RUN

Senior Member
11. June 2006 @ 11:38
Download SmitfraudFix.zip to your desktop -> http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Unzip it (folder named SmitFraudFix) to your desktop.

Open the folder SmitfraudFix and double-click smitfraudfix.cmd
Choose option #1 - Search by typing 1 and pressing "Enter"; a text file opens and lists the infected files (if they exist).

Post the contents of this text file here.
Post a fresh HijackThis log too.


(Some antivirus programs recognise process.exe as malware. It is not malware; it is a program that stops processes.)

Oh, there are no such spammers after all -> tapiiri

http://www.virustorjunta.net/index.php

Member
11. June 2006 @ 14:40
here u go i hope u can help

SmitFraudFix v2.58

Scan done at 23:36:53.28, 11/06/2006
Run from
C:\Documents and Settings\Dave & Rach\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\atmclk.exe FOUND !
C:\WINDOWS\system32\dcomcfg.exe FOUND !
C:\WINDOWS\system32\dxole32.exe FOUND !
C:\WINDOWS\system32\hp???.tmp FOUND !
C:\WINDOWS\system32\hp????.tmp FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\regperf.exe FOUND !
C:\WINDOWS\system32\simpole.tlb FOUND !
C:\WINDOWS\system32\stdole3.tlb FOUND !



»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\DAVE



Logfile of HijackThis v1.99.1
Scan saved at 23:40:27, on 11/06/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\lvhidsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\WeatherStudio Desktop\WeatherStudio Desktop.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Nokia\PC Suite for Nokia 6600\connmngmntbox.exe
C:\Program Files\Nokia\PC Suite for Nokia 6600\ectaskscheduler.exe
C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\DAVE&R~1\LOCALS~1\Temp\Rar$EX00.048\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.weatherstudio.com/dp/search?x=wKX1ILEOi+Vh7AfA98Gm4Me69...
O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\System32\hp101.tmp
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: WeatherStudio - {849CC480-5983-4D30-A12C-774E8E8D8291} - C:\Program Files\WeatherStudio\bin\WeatherStudio.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: WeatherStudio - {C6139A57-16FB-4FA4-8045-A847FBFFD695} - C:\Program Files\WeatherStudio\bin\WeatherStudio.dll
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [WeatherStudio Desktop] "C:\Program Files\WeatherStudio Desktop\WeatherStudio Desktop.exe"
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - Global Startup: PCSuiteForNokia6600 Detect.lnk = ?
O4 - Global Startup: PCSuiteForNokia6600 TS.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {90F7E144-984F-4FA6-83A7-C9C8DCB9974C} (RSActiveXObj Control) - http://www.radarsync.com/RSActiveX.ocx
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://207.226.177.98/dba2218.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Remote HID Service (LvHidSvc) - Philips - C:\WINDOWS\System32\lvhidsvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe





C:/DOS C:/DOS/RUN RUN/DOS/RUN
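
Added example (not part of the original thread and not code from either tool): a Python sketch that cross-references the files SmitfraudFix reported as FOUND in the post above with the entries of the HijackThis log from the same post, showing which browser or autostart entry loads a flagged file. The sample lines are copied from that post; the function names and the file-extension list are assumptions of this example.

```python
import fnmatch
import re
from typing import List, NamedTuple, Optional, Tuple

# Sample input: lines copied from the SmitfraudFix search output in the post above.
SMITFRAUDFIX_LOG = r"""
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\atmclk.exe FOUND !
C:\WINDOWS\system32\hp???.tmp FOUND !
C:\WINDOWS\system32\hp????.tmp FOUND !
C:\WINDOWS\system32\regperf.exe FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
"""

# Sample input: lines copied from the HijackThis log in the same post.
HIJACKTHIS_LOG = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe

O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\System32\hp101.tmp
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://207.226.177.98/dba2218.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
"""


class Entry(NamedTuple):
    code: str              # HijackThis section code, e.g. "O2"
    detail: str            # rest of the log line, unchanged
    target: Optional[str]  # local file the entry points at, if any


ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Assumption of this example: the target is the first drive-letter path ending
# in one of these extensions. Paths may contain spaces, so match lazily.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|tmp|ocx|tlb|ico|htm)\b', re.I)
FOUND_RE = re.compile(r"^([A-Za-z]:\\.+?)\s+FOUND\s*!$")


def parse_hijackthis(text: str) -> List[Entry]:
    """Return the coded entries (R0, O2, O4, ...) of a HijackThis log."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header or "Running processes" line
        path = PATH_RE.search(m.group(2))
        entries.append(Entry(m.group(1), m.group(2), path.group(0) if path else None))
    return entries


def parse_smitfraudfix(text: str) -> List[str]:
    """Return the lower-cased paths (may contain ? wildcards) marked FOUND."""
    patterns = []
    for line in text.splitlines():
        m = FOUND_RE.match(line.strip())
        if m:
            patterns.append(m.group(1).lower())
    return patterns


def correlate(entries: List[Entry], patterns: List[str]) -> List[Tuple[Entry, str]]:
    """Pair each HijackThis entry with the first FOUND pattern its target matches.

    Windows paths are case-insensitive, so both sides are compared lower-cased.
    8.3 short names (PROGRA~1) are compared literally and are not expanded.
    """
    hits = []
    for entry in entries:
        if entry.target is None:
            continue  # e.g. O16 entries that only carry a download URL
        target = entry.target.lower()
        for pattern in patterns:
            if fnmatch.fnmatchcase(target, pattern):
                hits.append((entry, pattern))
                break
    return hits


if __name__ == "__main__":
    found = parse_smitfraudfix(SMITFRAUDFIX_LOG)
    for entry, pattern in correlate(parse_hijackthis(HIJACKTHIS_LOG), found):
        print(f"{entry.code}: {entry.target} matches {pattern}")
```
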

Senior Member
11. June 2006 @ 23:03
Restart your computer in safe mode -> http://www.pchell.com/support/safemode.shtml

When in safe mode, open the SmitfraudFix folder and double-click the file smitfraudfix.cmd
Choose option #2 - Clean by typing 2 and pressing "Enter" in order to remove the infected files.

You are asked: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and pressing "Enter" in order to remove your desktop wallpaper and the infected registry keys.

The tool checks if the wininet.dll file is infected. You might be asked to replace the infected .dll (if found); answer "Yes" by typing Y and pressing "Enter".

The tool might have to restart your computer; if it doesn't, restart your computer back to normal mode.
A text file will appear after the cleaning process; copy this file and paste it here.
The log is saved to your local disk drive, usually C:\rapport.txt.

Warning: Running option 2 on a clean computer will delete your desktop wallpaper.


Send C:\rapport.txt. Scan with HijackThis and copy the log to your reply too.

Member
14. June 2006 @ 00:41
thanx 4 the good advice but I'm going to reinstall Windows, far too many problems with it now, but thanx 4 the help



Member
14. June 2006 @ 07:34
ok maybe I still need your help, reinstalled Windows and the same bloody problem appears, so I will do what u said and post the HijackThis log



Member
14. June 2006 @ 07:55
There, done all that u have told me. Here r the before and after logs, tell me what u think

BEFORE

Logfile of HijackThis v1.99.1
Scan saved at 08:40:27, on 14/06/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\DAVE&R~1\LOCALS~1\Temp\Rar$EX00.325\HijackThis.exe

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\RunOnce: [InstallShieldSetup] C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /reboot{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB} /z
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe


SmitFraudFix v2.58

Scan done at 8:42:12.92, 14/06/2006
Run from
C:\Documents and Settings\Dave & Rach\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32




»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\DAVE


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


AFTER

Logfile of HijackThis v1.99.1
Scan saved at 08:40:27, on 14/06/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\DAVE&R~1\LOCALS~1\Temp\Rar$EX00.325\HijackThis.exe

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\RunOnce: [InstallShieldSetup] C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /reboot{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB} /z
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe


SmitFraudFix v2.58

Scan done at 8:51:49.49, 14/06/2006
Run from
C:\Documents and Settings\Dave & Rach\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32




»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\DAVE


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys






Senior Member
15. June 2006 @ 23:05
Hi mrcapdown

Sorry for the delay

Scan with HijackThis and check:

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

Close all programs except HijackThis and click "Fix checked".

Delete

C:\WINDOWS\web\ >>>related.htm

Download one antivirus and one firewall and install them.


Member
15. June 2006 @ 23:35
thanx u so much




Member
16. June 2006 @ 03:08
sorry mate the damn things come back again ent this else i could do



Senior Member
17. June 2006 @ 03:16
What mad things. Send a fresh HijackThis log

Member
17. June 2006 @ 03:34
Logfile of HijackThis v1.99.1
Scan saved at 12:34:20, on 17/06/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dave & Rach\Desktop\ZENS_PCAPP_LB_1_20_12_MTP.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\DAVE&R~1\LOCALS~1\Temp\Rar$EX01.969\HijackThis.exe
C:\WINDOWS\temp\CRF000\PDEDet\setup.exe
C:\WINDOWS\temp\CRF000\PDEDet\setup.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15023/CTPID.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe





Senior Member
17. June 2006 @ 04:06
Hi mrcapdown

You don't have a firewall or an antivirus on your computer. Download and install one firewall and one antivirus. That's why your computer doesn't stay clean for long.

These are good (free) firewalls:
ZoneAlarm --> http://www.zonelabs.com
Kerio--> http://www.sunbelt-software.com/Kerio.cfm
Outpost-> http://www.agnitum.com

These are good (free) antiviruses:
AVG Antivirus --> http://www.grisoft.com
Avast --> http://www.avast.com


After you have those installed, we will clean your computer. Then send a fresh log

Member
17. June 2006 @ 07:17
I put on McAfee anti-virus, firewall and anti-spyware.
Here is the HijackThis log, what do u think

Logfile of HijackThis v1.99.1
Scan saved at 16:14:14, on 17/06/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe



Senior Member
17. June 2006 @ 07:33
Excellent choice, please send the whole log ;)

Member
17. June 2006 @ 07:37
thanx, I read good reviews
there u go

Logfile of HijackThis v1.99.1
Scan saved at 16:36:40, on 17/06/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
c:\progra~1\mcafee\mcafee antispyware\massrv.exe
c:\progra~1\mcafee\MCAFEE~1\masalert.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\DAVE&R~1\LOCALS~1\Temp\Rar$EX03.318\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\masalert.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe





Senior Member
17. June 2006 @ 07:41
Logs look fine, is there some problem?

Well, there are no such spammers after all -> tapiiri

http://www.virustorjunta.net/index.php
Member
17. June 2006 @ 07:45
A pop-up called windows service meg says I have problems and have got to go to all these different sites, which just want me to buy their crappy software.


Senior Member
17. June 2006 @ 08:01
Okay, let's try this:

Download WinPFind:
http://www.bleepingcomputer.com/files/winpfind.php
From the WinPFind folder -> double-click WinPFind.exe and click "Start Scan"
It will scan the entire System, so please be patient
Once you see "Scan Complete"-> a log (WinPFind.txt) will be automatically generated in the WinPFind folder

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Hit 1 on your keyboard, and then Enter
Copy the complete text which is on your screen after SmitfraudFix is done, and post it in this topic. Also post the contents of WinPFind.txt

Member
17. June 2006 @ 08:31
There you go

WINPFIND LOG

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 1 Current Build Number: 2600
Internet Explorer Version: 6.0.2800.1106

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
aspack 26/05/2005 23:34:52 2297552 C:\WINDOWS\SYSTEM32\d3dx9_26.dll
PEC2 23/08/2001 22:00:00 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
Umonitor 29/08/2002 04:41:10 631808 C:\WINDOWS\SYSTEM32\rasdlg.dll
UPX! 28/04/2006 01:49:30 288417 C:\WINDOWS\SYSTEM32\SrchSTS.exe
UPX! 09/01/2006 18:36:04 42496 C:\WINDOWS\SYSTEM32\swreg.exe
UPX! 09/01/2006 18:36:06 40960 C:\WINDOWS\SYSTEM32\swsc.exe
winsync 23/08/2001 22:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
17/06/2006 17:01:32 S 2048 C:\WINDOWS\bootstat.dat
14/06/2006 21:46:28 RH 749 C:\WINDOWS\WindowsShell.Manifest
14/06/2006 21:46:40 H 65 C:\WINDOWS\Downloaded Program Files\desktop.ini
14/06/2006 21:47:58 HS 67 C:\WINDOWS\Fonts\desktop.ini
14/06/2006 21:46:40 H 65 C:\WINDOWS\Offline Web Pages\desktop.ini
14/06/2006 21:47:18 RHS 727 C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_1.cab
14/06/2006 21:47:18 RHS 19854 C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_2.cab
14/06/2006 21:47:18 RHS 243124 C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_3.cab
14/06/2006 21:49:04 H 233472 C:\WINDOWS\repair\ntuser.dat
14/06/2006 21:46:28 RH 749 C:\WINDOWS\system32\cdplayer.exe.manifest
14/06/2006 21:46:40 RH 488 C:\WINDOWS\system32\logonui.exe.manifest
14/06/2006 21:46:28 RH 749 C:\WINDOWS\system32\ncpa.cpl.manifest
14/06/2006 21:46:28 RH 749 C:\WINDOWS\system32\nwc.cpl.manifest
14/06/2006 21:46:28 RH 749 C:\WINDOWS\system32\sapi.cpl.manifest
14/06/2006 21:46:40 RH 488 C:\WINDOWS\system32\WindowsLogon.manifest
14/06/2006 21:46:28 RH 749 C:\WINDOWS\system32\wuaucpl.cpl.manifest
16/06/2006 08:44:04 H 4212 C:\WINDOWS\system32\zllictbl.dat
21/04/2006 01:20:46 S 7645 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem1.CAT
17/06/2006 17:03:52 H 1024 C:\WINDOWS\system32\config\default.LOG
17/06/2006 17:01:34 H 1024 C:\WINDOWS\system32\config\SAM.LOG
17/06/2006 17:02:48 H 1024 C:\WINDOWS\system32\config\SECURITY.LOG
17/06/2006 17:24:20 H 110592 C:\WINDOWS\system32\config\software.LOG
17/06/2006 17:04:24 H 1024 C:\WINDOWS\system32\config\system.LOG
14/06/2006 14:26:32 H 1024 C:\WINDOWS\system32\config\TempKey.LOG
14/06/2006 14:26:34 H 1024 C:\WINDOWS\system32\config\userdiff.LOG
14/06/2006 14:29:00 HS 62 C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini
14/06/2006 14:29:00 HS 62 C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini
14/06/2006 21:47:22 HS 113 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\desktop.ini
14/06/2006 21:47:22 HS 113 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\desktop.ini
14/06/2006 21:47:22 HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\desktop.ini
14/06/2006 21:47:22 HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini
14/06/2006 21:47:22 HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\456701AZ\desktop.ini
14/06/2006 21:47:22 HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KDIRKX2N\desktop.ini
14/06/2006 21:47:22 HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\O1E38HA3\desktop.ini
14/06/2006 21:47:22 HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OD6VCTUV\desktop.ini
14/06/2006 21:46:44 HS 181 C:\WINDOWS\system32\config\systemprofile\SendTo\desktop.ini
14/06/2006 14:29:00 HS 62 C:\WINDOWS\system32\config\systemprofile\Start Menu\desktop.ini
14/06/2006 21:48:58 HS 206 C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\desktop.ini
14/06/2006 21:48:56 HS 482 C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\desktop.ini
14/06/2006 21:48:56 HS 348 C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Accessibility\desktop.ini
14/06/2006 21:48:56 HS 84 C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Entertainment\desktop.ini
14/06/2006 21:48:56 HS 84 C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini
14/06/2006 14:40:50 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\3f159f02-801d-4a4a-bc29-5440262e9d20
14/06/2006 14:40:50 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
17/06/2006 17:01:34 H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 23/08/2001 22:00:00 66048 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 29/08/2002 04:41:28 629248 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 29/08/2002 04:41:28 132096 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 23/08/2001 22:00:00 178688 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Intel Corporation 12/10/2001 21:30:50 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl
Microsoft Corporation 29/08/2002 04:41:28 292352 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 29/08/2002 04:41:28 123392 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 29/08/2002 11:41:00 208896 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 10/11/2005 21:03:50 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 23/08/2001 22:00:00 256000 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 23/08/2001 22:00:00 789504 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 23/08/2001 22:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 23/08/2001 22:00:00 281600 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 23/08/2001 22:00:00 36864 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 23/08/2001 22:00:00 36864 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 23/08/2001 22:00:00 161792 C:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation 29/08/2002 04:41:28 268288 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 23/08/2001 22:00:00 31232 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 23/08/2001 22:00:00 91136 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 23/08/2001 22:00:00 66048 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation 29/08/2002 04:41:28 629248 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation 29/08/2002 04:41:28 132096 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
Microsoft Corporation 23/08/2001 22:00:00 178688 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation 29/08/2002 04:41:28 292352 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation 29/08/2002 04:41:28 123392 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation 29/08/2002 11:41:00 208896 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation 23/08/2001 22:00:00 256000 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 23/08/2001 22:00:00 789504 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation 23/08/2001 22:00:00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 23/08/2001 22:00:00 281600 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 23/08/2001 22:00:00 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 23/08/2001 22:00:00 36864 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 23/08/2001 22:00:00 161792 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation 29/08/2002 04:41:28 147456 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation 29/08/2002 04:41:28 268288 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation 23/08/2001 22:00:00 31232 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 23/08/2001 22:00:00 91136 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
14/06/2006 21:48:56 HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini

Checking files in %ALLUSERSPROFILE%\Application Data folder...
14/06/2006 14:29:00 HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
17/06/2006 10:41:04 1359 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Checking files in %USERPROFILE%\Startup folder...
14/06/2006 21:48:56 HS 84 C:\Documents and Settings\Dave & Rach\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
14/06/2006 14:29:00 HS 62 C:\Documents and Settings\Dave & Rach\Application Data\desktop.ini

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{CFC7205E-2792-4378-9591-3879CC6C9022}
= c:\progra~1\mcafee.com\vso\mcvsshl.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}
= C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{CFC7205E-2792-4378-9591-3879CC6C9022}
= c:\progra~1\mcafee.com\vso\mcvsshl.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}
= C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7D4D6379-F301-4311-BEBA-E26EB0561882}
= C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}
Windows Live Sign-in Helper = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINDOWS\System32\msdxm.ocx
{BA52B914-B692-46c4-B683-905236F6F655} = McAfee VirusScan : c:\progra~1\mcafee.com\vso\mcvsshl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
ButtonText = Research :

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = %SystemRoot%\System32\browseui.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
IgfxTray C:\WINDOWS\System32\igfxtray.exe
HotKeysCmds C:\WINDOWS\System32\hkcmd.exe
McRegWiz C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
VSOCheckTask "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
VirusScan Online C:\Program Files\McAfee.com\VSO\mcvsshld.exe
OASClnt C:\Program Files\McAfee.com\VSO\oasclnt.exe
MCAgentExe c:\PROGRA~1\mcafee.com\agent\mcagent.exe
MPFExe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
_AntiSpyware c:\progra~1\mcafee\MCAFEE~1\masalert.exe
MCUpdateExe C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE C:\WINDOWS\System32\ctfmon.exe
FreeRAM XP "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WBSrv
= C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs wbsys.dll


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 17/06/2006 17:24:38




SmitfraudFix LOG

SmitFraudFix v2.58

Scan done at 17:30:52.68, 17/06/2006
Run from H:\Programs\windows Programs\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32




»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\DAVE


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End




Senior Member
17. June 2006 @ 08:53
Okay, do this:

Please download ewido anti-malware (it is a free version of the program) -> http://www.ewido.net/en/download/

1. Install ewido security suite
2. When installing, under "Additional Options" uncheck:
* Install background guard
* Install scan via context menu
3. Launch ewido, there should be an icon on your desktop, double-click it.
4. The program will now open to the main screen.
5. When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
6. You will need to update ewido to the latest definition files.
* On the left hand side of the main screen click update.
* Then click on Start Update.
7. The update will start and a progress bar will show the updates being installed.
(the status bar at the bottom will display "Update successful")

If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates -> http://www.ewido.net/en/download/updates/

Once the updates are installed do the following:

Reboot your computer in Safe Mode by doing the following:

1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the first option, to run Windows in Safe Mode.

Launch ewido:

* Click on scanner
* Click on Complete System Scan and the scan will begin.
* You will be prompted to clean the first infection.
* Select "Perform action on all infections", then proceed.
* Once the scan has completed, there will be a button located on the bottom of the screen named Save report
* Click Save report.
* Save the report .txt file to your desktop or a location where you can find it easily.

Close ewido security suite.

Reboot back to normal mode

Send an ewido report

Member
18. June 2006 @ 01:40
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 10:33:19, 18/06/2006
+ Report-Checksum: C7F30823

+ Scan result:

:mozilla.12:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Trafic : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.145:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.146:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.147:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.149:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.172:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned with backup
:mozilla.173:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.174:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned with backup
:mozilla.194:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.195:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.196:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.211:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.212:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.213:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.214:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.215:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup
:mozilla.226:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.229:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.239:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.240:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.262:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.265:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.266:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.267:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.268:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.269:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.270:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.271:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.279:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned with backup
:mozilla.280:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.281:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.282:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.283:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.284:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.285:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.286:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.294:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.295:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.297:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Spylog : Cleaned with backup
:mozilla.305:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.306:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.307:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.308:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.309:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.322:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.326:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.327:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.366:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.367:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.368:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.369:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.370:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.373:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.374:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.402:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.403:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.405:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.406:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.407:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.408:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.413:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.421:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Counted : Cleaned with backup
:mozilla.429:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.440:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.443:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.449:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.461:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup
:mozilla.463:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned with backup
:mozilla.474:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Paycounter : Cleaned with backup
:mozilla.475:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.476:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.531:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.533:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.544:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.545:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.562:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.563:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Adviva : Cleaned with backup
:mozilla.576:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.579:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.602:C:\Documents and Settings\Dave & Rach\Application Data\Mozilla\Firefox\Profiles\tyng34i8.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
C:\Documents and Settings\Dave & Rach\Cookies\dave & rach@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\Dave & Rach\Cookies\dave & rach@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup
C:\Documents and Settings\Dave & Rach\Cookies\dave & rach@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Dave & Rach\Cookies\dave & rach@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Dave & Rach\Cookies\dave & rach@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Dave & Rach\Cookies\dave & rach@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Dave & Rach\Cookies\dave & rach@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Dave & Rach\Cookies\dave & rach@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Dave & Rach\Cookies\dave & rach@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Dave & Rach\Cookies\dave & rach@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Dave & Rach\Cookies\dave & rach@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup


::Report End



C:/DOS C:/DOS/RUN RUN/DOS/RUN

Senior Member
18. June 2006 @ 01:45
Hi mrcapdown

Download F-Secure Blacklight and save it to your desktop -> http://www.f-secure.com/blacklight/try.shtml

Double-click blbeta.exe, accept the agreement, click Scan, then click Next.

You'll see a list of what has been found. A log will appear on your desktop; it is named fsbl.xxxxxxx.log (xxxxxxx will be random numbers).

DON'T choose Rename if something was found!

Post the contents of fsbl.xxxx.log here (the Blacklight log from your desktop).

Well, there aren't any spammers like that after all -> tapiiri

http://www.virustorjunta.net/index.php
Member
25. June 2006 @ 06:50
Sorry I have not posted in a little time, but I got rid of the pop up with AGV anti-virus free. Thanks for all your help.



C:/DOS C:/DOS/RUN RUN/DOS/RUN

Senior Member
25. June 2006 @ 07:06
Hi, mrcapdown

Good to hear that your comp's problem is solved :)

Well, there aren't any spammers like that after all -> tapiiri

http://www.virustorjunta.net/index.php
 