Smitfraud again...



chameckas
2007-05-11, 14:58
I am one more victim of Smitfraud-C.Toolbar888. I tried several things, but I can't get rid of it. I read somewhere else that it could be a false positive. I am confused. How can I get rid of this thing?

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8:53:31 AM, on 5/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Documents and Settings\Marcelo Chamecki\My Documents\programs\scanner.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.google.com"); (C:\Documents and Settings\MARCELO CHAMECKI\Application Data\Mozilla\Profiles\default\wzjmas2p.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\MARCELO CHAMECKI\Application Data\Mozilla\Profiles\default\wzjmas2p.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1AA06E58-2A7E-4DFB-B6BA-49CA15367C14} - C:\WINDOWS\system32\awtqr.dll
O2 - BHO: (no name) - {3F9D0C61-737D-44D1-BD80-91AF857061CC} - C:\WINDOWS\system32\rqrqron.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\ixbndsus.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=051607 serial=DR12WTX-9999998-YSP lang=EN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\irkhmlbp.dll",realset
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKUS\S-1-5-21-1060284298-484763869-682003330-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1060284298-484763869-682003330-1003\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun (User '?')
O4 - HKUS\S-1-5-21-1060284298-484763869-682003330-1003\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized (User '?')
O4 - S-1-5-21-1060284298-484763869-682003330-1003 Startup: PowerReg Scheduler.exe (User '?')
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: Download all by Net Transport - C:\Documents and Settings\Marcelo Chamecki\My Documents\Jazz\NetTransport 2\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Documents and Settings\Marcelo Chamecki\My Documents\Jazz\NetTransport 2\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{65FA4F2F-5357-4752-92E8-95FAD89E4DB4}: NameServer = 128.220.2.7
O17 - HKLM\System\CS1\Services\Tcpip\..\{65FA4F2F-5357-4752-92E8-95FAD89E4DB4}: NameServer = 128.220.2.7
O17 - HKLM\System\CS2\Services\Tcpip\..\{65FA4F2F-5357-4752-92E8-95FAD89E4DB4}: NameServer = 128.220.2.7
O20 - Winlogon Notify: awtqr - C:\WINDOWS\system32\awtqr.dll
O20 - Winlogon Notify: rqrqron - rqrqron.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe (file missing)

--
End of file - 7019 bytes

pskelley
2007-05-11, 20:02
Welcome to Safer Networking, if you still need help and are not receiving it elsewhere, it appears you have missed some important instructions our administrator has posted at the top of the forum, especially this: "BEFORE you POST" Mandatory Steps Before Requesting Assistance
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please read and follow all instructions and post all required logs or reports, anything less will slow your process.
Use "Post Reply" to post the information in the instructions and stay in the same topic.

Follow the instructions carefully, especially:

At the present time, do NOT run Trend Micro HijackThis v2.0.0 (BETA) to produce a log for this forum, unless specifically requested, or you have a Vista Operating System.

Smitfraud-C.Toolbar888 <<< this is a false positive, see this information:
http://forums.spybot.info/showthread.php?t=8668

You do have at least a Vundo infection, here is some information about the junk:
Since there is a class action involving this one, you may want to view this information:
http://www.networkworld.com/news/2007/030807-mystery-around-winfixer-slowly-unravels.html
http://www.youtube.com/watch?v=zBUZHiKhsog
http://msmvps.com/blogs/spywaresucks/search.aspx?q=winfixer+msn
http://www.revenews.com/wayneporter/archives/adware-spyware-greynets/getting_the_

I need a look at your uninstall list before we can start:
Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.

Follow the directions I have posted and provide me with the correct HJT log and your uninstall list. Please also post any comments you think will help.

Thanks

chameckas
2007-05-11, 20:22
Thank you so much for your response! I apologize for the wrong version of HJT. Here are the new version of the HJT log and also the requested uninstall_list. I have already tried to remove Vundo once. It seems I was not able to do it. I will check the suggested links. I appreciate your help!

Logfile of HijackThis v1.99.1
Scan saved at 2:15:09 PM, on 5/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Real\RealOne Player\RealPlay.exe
C:\Documents and Settings\Marcelo Chamecki\My Documents\programs\scanner.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.google.com"); (C:\Documents and Settings\Marcelo Chamecki\Application Data\Mozilla\Profiles\default\wzjmas2p.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Marcelo Chamecki\Application Data\Mozilla\Profiles\default\wzjmas2p.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3F9D0C61-737D-44D1-BD80-91AF857061CC} - C:\WINDOWS\system32\rqrqron.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\ixbndsus.dll (file missing)
O2 - BHO: (no name) - {FBD1B9F7-8B1F-4C16-976C-A492B82E77E8} - C:\WINDOWS\system32\awtqr.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=051607 serial=DR12WTX-9999998-YSP lang=EN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\irkhmlbp.dll",realset
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: Download all by Net Transport - C:\Documents and Settings\Marcelo Chamecki\My Documents\Jazz\NetTransport 2\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Documents and Settings\Marcelo Chamecki\My Documents\Jazz\NetTransport 2\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{65FA4F2F-5357-4752-92E8-95FAD89E4DB4}: NameServer = 128.220.2.7
O17 - HKLM\System\CS1\Services\Tcpip\..\{65FA4F2F-5357-4752-92E8-95FAD89E4DB4}: NameServer = 128.220.2.7
O17 - HKLM\System\CS2\Services\Tcpip\..\{65FA4F2F-5357-4752-92E8-95FAD89E4DB4}: NameServer = 128.220.2.7
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: awtqr - C:\WINDOWS\system32\awtqr.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: rqrqron - rqrqron.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe (file missing)

chameckas
2007-05-11, 20:23
Active GIF Creator 2.17
Ad-Aware SE Personal
Adobe Acrobat - Reader 6.0.2 Update
Adobe Acrobat 6.0.1 Professional
Adobe Acrobat and Reader 6.0.3 Update
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Illustrator 9.0
Adobe Photoshop 7.0
Adobe Reader 8
Advanced Encode Decode Tools v.1.062e
Advanced WMA Workshop version 2.1
AFPL Ghostscript 8.11
AFPL Ghostscript Fonts
All To MP3 Converter 1.6
AltoMP3 Gold 5.06
AsfTools 3.1 (remove only)
Ashampoo CD Recording Suite 4
AudioConverter Studio 4.8
CD to MP3 Maker 2.10
Cliprex DS DVD Player
CorelDRAW Graphics Suite 12
Curriculo Lattes
dBpowerAMP CD Writer
Dell ResourceCD
Device Configuration Utility 1.5
DivX Web Player
DjVu Solo 3.1
DRAWings® Embroidery Effect
Easy MPEG & RM Joiner 2.01
Easy Video Joiner 5.21
ffdshow (remove only)
Google Earth
GSview 4.4
GTK+ 1.3.0-20030717-1 runtime environment
GVOX Encore 32 v4.5
HijackThis 1.99.1
Intel(R) PRO Network Adapters and Drivers
Ipswitch WS_FTP Home 2006
Java 2 Runtime Environment, SE v1.4.1_02
Java Runtime Environment 1.1
Java Web Start
LiveUpdate 1.7 (Symantec Corporation)
LoggerNet 2.0
Macromedia Flash Player 8
Mathematica 5
MathType 5
MATLAB 6.5
Microsoft Data Access Components KB870669
Microsoft Office XP Professional with FrontPage
MiKTeX
Monkey's Audio
Mozilla Firefox (1.5.0.11)
Mp3tag v2.37a
Mpeg2Decoder 1.3
MSN Messenger 7.5
MSXML 4.0 SP2 (KB927978)
Nero 6 Enterprise Edition
NeroMIX
Netscape (7.1)
NVIDIA Windows 2000/XP Display Drivers
PC208W 3.3
PC9000
QuickTime
RealPlayer
Rhapsody Player Engine
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
SmartFTP Client
SoundMAX
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
SSH Secure Shell
Streambox Vcr Suite 2
StuffIt Standard
Symantec AntiVirus Client
TexPoint 2.0.3
The GIMP 1.2.5-20030729-1
Total Commander (Remove or Repair)
UltraEdit-32
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB929338)
Update for Windows XP (KB931836)
ViewSonic Monitor Drivers
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinEdt
WinRAR archiver
ZoneAlarm

pskelley
2007-05-11, 20:38
See this information: http://forums.spybot.info/showpost.php?p=12880&postcount=2
Now your version of Java is ancient, and that may be why Vundofix is having a problem removing the junk. It may be you are not using the tool correctly also. Before you start, download the newest version of Java and uninstall those old versions in Add Remove Programs.
Java 2 Runtime Environment, SE v1.4.1_02
Java Runtime Environment 1.1
Java Web Start <<< I am not sure what that is, I have not seen it in a log before? Leave it if you know what it is.


There is also an O4 that looks like this: O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\irkhmlbp.dll",realset that may be putting the junk back if it is not all removed. We need to remove that manually once all of the Vundo is gone.

The fix is updated often to keep up with the hackers, if you have it onboard, delete it and download it fresh from the instructions.

Thanks to Atribune and any others who helped with this fix.

Please understand these hackers can call their junk anything they wish. Vundofix may not know the files at first, but it will learn. You want to run the fix until you see all Vundo files say: "Has been deleted"

More will be hidden, but here is the active Vundo file I see.
C:\WINDOWS\system32\awtqr.dll

Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

If there is a file VundoFix doesn't find we need it submitted. Please submit the files to upload malware http://www.uploadmalware.com

Thanks

chameckas
2007-05-11, 21:55
pskelley,

I removed the old Java and installed the most recent version and ran VundoFix. I had to boot from my linux to manually remove irkhmlbp.dll. Here are the requested logs.


VundoFix V6.3.21

Checking Java version...

Scan started at 3:20:42 PM 5/11/2007

Listing files found while scanning....

C:\WINDOWS\system32\awtqr.dll
C:\WINDOWS\system32\ixbndsus.dll
C:\WINDOWS\system32\rqrqron.dll
C:\WINDOWS\system32\rqtwa.bak1
C:\WINDOWS\system32\rqtwa.bak2
C:\WINDOWS\system32\rqtwa.ini

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awtqr.dll
C:\WINDOWS\system32\awtqr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rqtwa.bak1
C:\WINDOWS\system32\rqtwa.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\rqtwa.bak2
C:\WINDOWS\system32\rqtwa.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\rqtwa.ini
C:\WINDOWS\system32\rqtwa.ini Has been deleted!

Performing Repairs to the registry.
Done!

chameckas
2007-05-11, 21:55
Logfile of HijackThis v1.99.1
Scan saved at 3:50:57 PM, on 5/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Marcelo Chamecki\My Documents\programs\scanner.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.google.com"); (C:\Documents and Settings\Marcelo Chamecki\Application Data\Mozilla\Profiles\default\wzjmas2p.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Marcelo Chamecki\Application Data\Mozilla\Profiles\default\wzjmas2p.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {486CBA6C-C190-4F40-875E-69A2492FC458} - C:\WINDOWS\system32\awtqr.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=051607 serial=DR12WTX-9999998-YSP lang=EN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\irkhmlbp.dll",realset
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: Download all by Net Transport - C:\Documents and Settings\Marcelo Chamecki\My Documents\Jazz\NetTransport 2\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Documents and Settings\Marcelo Chamecki\My Documents\Jazz\NetTransport 2\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{65FA4F2F-5357-4752-92E8-95FAD89E4DB4}: NameServer = 128.220.2.7
O17 - HKLM\System\CS1\Services\Tcpip\..\{65FA4F2F-5357-4752-92E8-95FAD89E4DB4}: NameServer = 128.220.2.7
O17 - HKLM\System\CS2\Services\Tcpip\..\{65FA4F2F-5357-4752-92E8-95FAD89E4DB4}: NameServer = 128.220.2.7
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: rqrqron - rqrqron.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe (file missing)

pskelley
2007-05-11, 22:12
Thanks for returning the information and the feedback. Let's do this now:

1) How to make files and folders visible:
Click Start > Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm. Click OK.
You may reverse this for safety when we are finished.

2) Please download ATF Cleaner by Atribune
http://www.atribune.org/content/view/25/2/
Save it to your Desktop. We will use this later.

3) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

O2 - BHO: (no name) - {486CBA6C-C190-4F40-875E-69A2492FC458} - C:\WINDOWS\system32\awtqr.dll (file missing)
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\irkhmlbp.dll",realset
O4 - Startup: PowerReg Scheduler.exe
O20 - Winlogon Notify: rqrqron - rqrqron.dll (file missing)

Close all programs but HJT and all browser windows, then click on "Fix Checked"

4) RIGHT Click on Start then click on Explore. Locate and delete these items:

(important to kill this one)

C:\WINDOWS\system32\irkhmlbp.dll <<< delete that file

5) Let's run a good free spyware scan to make sure nothing is hiding. Follow the directions to run AVG Anti-Spyware, make sure you delete or quarantine anything found, and save the scan report to post.
http://forums.security-central.us/showthread.php?t=3165

6) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Post those scan results and a new HJT log. How is the computer running?

Thanks
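
Added example (not part of the post above and not HijackThis code): one way to confirm from a follow-up log that the four line items from step 3 are gone after "Fix Checked", and to list whatever is still marked "(file missing)". The follow-up log excerpt is constructed for illustration, and the function names are this example's own.

```python
import re

# A HijackThis item line is "<section> - <body>", e.g. "O4 - HKLM\..\Run: [x] cmd".
# The "Running processes" paths (C:\...) and header lines do not match.
ITEM_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_items(log_text):
    """Return [(section, body), ...] for every item line in a HijackThis log."""
    items = []
    for raw in log_text.splitlines():
        match = ITEM_RE.match(raw.strip())
        if match:
            items.append((match.group(1), match.group(2)))
    return items


def _key(section, body):
    # Windows paths are case-insensitive and the same entry can be printed
    # with different casing, so compare case-folded, whitespace-collapsed text.
    return section, " ".join(body.casefold().split())


def still_present(fix_list_text, new_log_text):
    """Items from the fix list that still appear in the follow-up log."""
    remaining = {_key(s, b) for s, b in parse_items(new_log_text)}
    return [f"{s} - {b}" for s, b in parse_items(fix_list_text)
            if _key(s, b) in remaining]


def file_missing_items(log_text):
    """Items whose target file HijackThis could not find on disk."""
    return [f"{s} - {b}" for s, b in parse_items(log_text)
            if b.rstrip().endswith("(file missing)")]


# The four line items listed in step 3 of the post above.
FIX_LIST = r"""
O2 - BHO: (no name) - {486CBA6C-C190-4F40-875E-69A2492FC458} - C:\WINDOWS\system32\awtqr.dll (file missing)
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\irkhmlbp.dll",realset
O4 - Startup: PowerReg Scheduler.exe
O20 - Winlogon Notify: rqrqron - rqrqron.dll (file missing)
"""

# Constructed follow-up log excerpt (not a real scan). One fixed item has been
# left in, with different casing, to show what an incomplete fix looks like.
SAMPLE_NEW_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: RQRQRON - rqrqron.dll (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe (file missing)
"""

if __name__ == "__main__":
    leftovers = still_present(FIX_LIST, SAMPLE_NEW_LOG)
    if leftovers:
        print("Still present after the fix:")
        for item in leftovers:
            print("  " + item)
    else:
        print("All fix-list items are gone.")
    print("Entries marked (file missing), for manual review:")
    for item in file_missing_items(SAMPLE_NEW_LOG):
        print("  " + item)
```

A "(file missing)" entry is only a prompt for review: the O23 WmiApSrv line in the log above carries the same marker and was not on the fix list.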

chameckas
2007-05-11, 23:14
pskelley,

I had already deleted irkhmlbp.dll booting from Linux (Windows wouldn't allow me to remove it - file being used by another program...). It is not there anymore. Here is the log for AVG and the new HJT.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:07:29 PM 5/11/2007

+ Scan result:




chameckas
2007-05-11, 23:15


::Report end

chameckas
2007-05-11, 23:16
Logfile of HijackThis v1.99.1
Scan saved at 5:09:25 PM, on 5/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Marcelo Chamecki\My Documents\programs\scanner.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.google.com"); (C:\Documents and Settings\Marcelo Chamecki\Application Data\Mozilla\Profiles\default\wzjmas2p.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Marcelo Chamecki\Application Data\Mozilla\Profiles\default\wzjmas2p.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=051607 serial=DR12WTX-9999998-YSP lang=EN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: Download all by Net Transport - C:\Documents and Settings\Marcelo Chamecki\My Documents\Jazz\NetTransport 2\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Documents and Settings\Marcelo Chamecki\My Documents\Jazz\NetTransport 2\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{65FA4F2F-5357-4752-92E8-95FAD89E4DB4}: NameServer = 128.220.2.7
O17 - HKLM\System\CS1\Services\Tcpip\..\{65FA4F2F-5357-4752-92E8-95FAD89E4DB4}: NameServer = 128.220.2.7
O17 - HKLM\System\CS2\Services\Tcpip\..\{65FA4F2F-5357-4752-92E8-95FAD89E4DB4}: NameServer = 128.220.2.7
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe (file missing)
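
An added example, not part of the original post and not a HijackThis or forum tool: a small parser for the log format shown above that pulls out the entries a helper checks first (missing files, O4 autoruns, O17 DNS servers). The function names are assumptions made for this sketch, and the sample lines are copied from the log above.

```python
import re

# Constructed sample: a handful of lines taken from the log in the post above.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\spoolsv.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{65FA4F2F-5357-4752-92E8-95FAD89E4DB4}: NameServer = 128.220.2.7
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe (file missing)
"""

ENTRY = re.compile(r"^([FNOR]\d{1,2}) - (.*)$")    # section code, then the entry body
RUN = re.compile(r"^(.+?): \[(.+?)\] (.*)$")       # O4 Run key: location, value name, command
NAMESERVER = re.compile(r"NameServer = (.+)$")     # O17 DNS server setting

def parse_entries(text):
    """Return (code, body) pairs; header and running-process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def missing_files(entries):
    """Entries whose target no longer exists on disk (orphaned registry data)."""
    return [(code, body) for code, body in entries if body.endswith("(file missing)")]

def autoruns(entries):
    """(location, name, command) for each O4 Run-key entry; other O4 forms are skipped."""
    out = []
    for code, body in entries:
        m = RUN.match(body) if code == "O4" else None
        if m:
            out.append(m.groups())
    return out

def nameservers(entries):
    """DNS servers from O17 lines, to compare with the ones your network should hand out."""
    found = set()
    for code, body in entries:
        m = NAMESERVER.search(body) if code == "O17" else None
        if m:
            found.update(re.split(r"[ ,]+", m.group(1).strip()))
    return found
```
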

chameckas
2007-05-11, 23:17
The computer is ok. Not as slow as before.

chameckas
2007-05-11, 23:28
Ok, that was too early to say something. My system is ok, running fast. But I still have some Internet Explorer windows popping up from nowhere (I actually use Firefox). Every once in a while an IE window opens asking whether I want to run IE offline or to try to connect... It is really annoying.

pskelley
2007-05-11, 23:52
Thanks for that feedback, you said that earlier, but the item was still in the HJT log, thus my instructions to remove it. AVG has found all cookies, you do know how to delete cookies?
Here is information to help you control them:
http://privacy.getnetwise.org/browsing/tools/firefox1/ffdisablecookies
http://www.mozilla.org/projects/security/pki/psm/help_21/using_priv_help.html

:bigthumb: Good job, the HJT log looks clean, you may rename HJT if you wish and delete all of the tools we downloaded for the fix. The exception is ATF-Cleaner, it is a fine little tool and you may keep it if you wish, let's do this now:
System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?Open&src=sec_doc_nam

Here is some good information to make the computer perform even better...and safer.
Help! My computer is slow!
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
How to prevent Malware
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html

AVG Anti-Spyware is a good program but it does use some resources. Once the trial is over you can update and use the scanner for as long as you wish, but unless you purchase it you should turn it off completely so it does not run unless you start it manually.

Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.

pskelley
2007-05-11, 23:57
Have a look here to make sure Firefox is set as your default browser:
http://www.google.com/search?hl=en&q=how+to+make+Firefox+the+default+browser&btnG=Google+Search

If the issue continues, you will need to provide me with more details, since I see nothing in the HJT log or the AVG Anti-Spyware scan report.

Thanks

chameckas
2007-05-12, 00:08
I will clean the System Restore now. I will also post more info if the IE pops up again.

Thank you sooo much for your help and patience. I really appreciate it.

pskelley
2007-05-21, 15:27
As the problem appears to be resolved this topic has been closed.

If you need it re-opened please send me or a forum staff member a private message (pm) and provide a link to the thread; this applies only to the original topic starter.

Anyone else with similar problems please start a new topic.

Thanks