bizarre behavior



niters_4_bad_girls
2007-06-24, 17:29
I opened an .exe file from a site I thought I could trust and my home page was changed and I kept getting directed to a site called spycrush. I ran my antivirus and spybot sd and several other anti-spyware programs but one annoyance remains, an icon I cannot remove. A Windows-like security shield flashing from a blue background with a white question mark to a red back with a white x. Can someone please tell me what it is and how to remove it?

Thanks a lot
:oops:

Logfile of HijackThis v1.99.1
Scan saved at 5:47:24 PM, on 6/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijackthis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {CDE8EAB9-CEF3-4885-B12F-26960A25C800} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - Global Startup: WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send Image to Phone - http://www.freeringers.net/ezimage.php
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinner.com/games/v48/pool/pool.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/20.10/uploader2.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {76A2A0AB-38B7-46DB-8E47-F10CDE4D7920} - http://www.resmap.com/ecwplugins/NCS.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

pskelley
2007-06-25, 03:59
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information. "BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

Follow these directions:

http://siri.geekstogo.com/SmitfraudFix.php <<< download Smitfraudfix from here and follow ONLY these directions.

Search:
Double-click SmitfraudFix.exe
Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/processutil/processutil.htm

Post the C:\rapport.txt

Thanks

niters_4_bad_girls
2007-06-25, 11:08
SmitFraudFix v2.195

Scan done at 2:06:37.76, Mon 06/25/2007
Run from C:\Documents and Settings\G-RIFF\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\G-RIFF


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\G-RIFF\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\G-RIFF\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8bbe40fd-0416-4c3f-80ea-0c7ad5fb1aab}"="crawley"

[HKEY_CLASSES_ROOT\CLSID\{8bbe40fd-0416-4c3f-80ea-0c7ad5fb1aab}\InProcServer32]
@="C:\WINDOWS\system32\igpfced.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8bbe40fd-0416-4c3f-80ea-0c7ad5fb1aab}\InProcServer32]
@="C:\WINDOWS\system32\igpfced.dll"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 207.69.188.185
DNS Server Search Order: 207.69.188.186
DNS Server Search Order: 207.69.188.187

HKLM\SYSTEM\CCS\Services\Tcpip\..\{1ACC5A31-B406-4A75-B530-5B2EBBCC750E}: DhcpNameServer=207.69.188.185 207.69.188.186 207.69.188.187
HKLM\SYSTEM\CS1\Services\Tcpip\..\{1ACC5A31-B406-4A75-B530-5B2EBBCC750E}: DhcpNameServer=207.69.188.185 207.69.188.186 207.69.188.187
HKLM\SYSTEM\CS3\Services\Tcpip\..\{1ACC5A31-B406-4A75-B530-5B2EBBCC750E}: DhcpNameServer=207.69.188.185 207.69.188.186 207.69.188.187
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=207.69.188.185 207.69.188.186 207.69.188.187
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=207.69.188.185 207.69.188.186 207.69.188.187
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=207.69.188.185 207.69.188.186 207.69.188.187


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

pskelley
2007-06-25, 13:14
Thanks for returning your report, follow these directions carefully:

1) I notice this in your log: C:\Program Files\Viewpoint\Common\ViewpointService.exe
For your information, Viewpoint is installed by AOL, probably without your knowledge.
http://www.greatis.com/appdata/u/v/viewmgr.exe.htm
http://www.spywareinfo.com/newsletter/archives/2005/nov4.php#viewpoint
http://www.clickz.com/news/article.php/3561546

2) AVG Anti-Spyware: Deactivate the Resident Shield
- Before proceeding, deactivate the "Resident Shield" as this may prevent changes to the registry.
- To do this, click "Change State" to the right of the Resident Shield option in the main window.
- You will clearly see the status change to Inactive if you have done this correctly.

3) http://siri.geekstogo.com/SmitfraudFix.php <<< tutorial if needed

Clean:
Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
Double-click SmitfraudFix.exe
Select 2 and hit Enter to delete infected files.
You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt

Optional:
To restore Trusted and Restricted site zone, select 3 and hit Enter.
You will be prompted: Restore Trusted Zone ? answer Y (yes) and hit Enter to delete trusted zone.
Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.

4) Follow the directions in this link to run AVG Anti-Spyware, make sure you delete or quarantine anything it finds and save the scan report to post.
http://forums.security-central.us/showthread.php?t=3165

Post the C:\rapport.txt, the scan report from AVG Anti-Spyware and a new HJT log, please add any comments you think will help.

Thanks...Phil

niters_4_bad_girls
2007-06-26, 00:24
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:39:57 AM 6/24/2007

+ Scan result:



C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{3820350F-5092-2ADD-8A4C-8DE2C609FAE5} -> Adware.Generic : No action taken.
C:\Program Files\Video AX Object -> Adware.RogueSuspect : No action taken.
C:\Program Files\SC\SpyCrush 3.3\SpyCrush 3.3.exe -> Adware.SpyCrush : No action taken.
C:\Downloads\CueMaster-dm[1].exe -> Adware.Trymedia : No action taken.
C:\Downloads\IGWFTSetup-dm[1].exe -> Adware.Trymedia : No action taken.
C:\Downloads\TPGSetup[1].EXE -> Adware.Trymedia : No action taken.
C:\WINDOWS\system32\igpfced.dll -> Downloader.Agent.bus : No action taken.
[364] C:\WINDOWS\system32\igpfced.dll -> Downloader.Agent.bus : No action taken.
:mozilla.111:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.112:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.155:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.163:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.189:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.219:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.229:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.58:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.59:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.60:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.61:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.62:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.63:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.64:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.65:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.66:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.67:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.68:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.69:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.70:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\G-RIFF\Cookies\g-riff@semdirector.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Guest\Cookies\guest@2o7[2].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Guest\Cookies\guest@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Jane Irvin\Cookies\jane irvin@2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Jane Irvin\Cookies\jane irvin@semdirector.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Jane Irvin\Cookies\jane irvin@waterfrontmedia.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq10.tmp -> TrackingCookie.2o7 : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqE.tmp -> TrackingCookie.2o7 : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqF.tmp -> TrackingCookie.2o7 : No action taken.
:mozilla.118:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.119:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\G-RIFF\Cookies\g-riff@adbrite[1].txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\G-RIFF\Cookies\g-riff@ads.adbrite[1].txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\G-RIFF\Cookies\g-riff@ads.addynamix[1].txt -> TrackingCookie.Addynamix : No action taken.
:mozilla.94:C:\Documents and Settings\G-RIFF\Application Data\Mozilla\Firefox\Profiles\a8og0xme.default\cookies.txt -> TrackingCookie.Adobe : No action taken.
:mozilla.77:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.81:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.85:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.86:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\Guest\Cookies\guest@advertising[2].txt -> TrackingCookie.Advertising : No action taken.
:mozilla.28:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Guest\Cookies\guest@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Guest\Cookies\guest@bluestreak[1].txt -> TrackingCookie.Bluestreak : No action taken.
:mozilla.329:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.Bridgetrack : No action taken.
C:\Documents and Settings\Jane Irvin\Cookies\jane irvin@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : No action taken.
C:\Documents and Settings\Jane Irvin\Cookies\jane irvin@burstnet[2].txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\Jane Irvin\Cookies\jane irvin@www.burstnet[2].txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\Jane Irvin\Cookies\jane irvin@ads.cnn[1].txt -> TrackingCookie.Cnn : No action taken.
:mozilla.157:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.Connextra : No action taken.
:mozilla.158:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.Connextra : No action taken.
:mozilla.159:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.Connextra : No action taken.
:mozilla.160:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.Connextra : No action taken.
C:\Documents and Settings\Jane Irvin\Cookies\jane irvin@connextra[1].txt -> TrackingCookie.Connextra : No action taken.
:mozilla.14:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.Coremetrics : No action taken.
C:\Documents and Settings\G-RIFF\Cookies\g-riff@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : No action taken.
:mozilla.17:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Guest\Cookies\guest@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Jane Irvin\Cookies\jane irvin@e-2dj6wjk4eoazaep.stats.esomniture[1].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\G-RIFF\Cookies\g-riff@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.356:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.Information : No action taken.
C:\Documents and Settings\Jane Irvin\Cookies\jane irvin@searchportal.information[1].txt -> TrackingCookie.Information : No action taken.
C:\Documents and Settings\Jane Irvin\Cookies\jane irvin@intelli-direct[1].txt -> TrackingCookie.Intelli-direct : No action taken.
:mozilla.348:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.349:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.358:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.359:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.360:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.361:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.362:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.363:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.89:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.368:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.Onestat : No action taken.
:mozilla.369:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.Onestat : No action taken.
:mozilla.12:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\v1iohozk.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.13:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\v1iohozk.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.227:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.228:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.234:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Jane Irvin\Cookies\jane irvin@overture[1].txt -> TrackingCookie.Overture : No action taken.
:mozilla.103:C:\Documents and Settings\G-RIFF\Application Data\Mozilla\Firefox\Profiles\a8og0xme.default\cookies.txt -> TrackingCookie.Paypal : No action taken.
:mozilla.405:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.Paypal : No action taken.
:mozilla.122:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.123:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.124:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.125:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
C:\Documents and Settings\G-RIFF\Cookies\g-riff@ads.pointroll[2].txt -> TrackingCookie.Pointroll : No action taken.
C:\Documents and Settings\Jane Irvin\Cookies\jane irvin@ads.pointroll[2].txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.238:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.Qksrv : No action taken.
:mozilla.239:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.Qksrv : No action taken.
:mozilla.240:C:\Documents and Settings\Jane Irvin\Application

niters_4_bad_girls
2007-06-26, 00:25
Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.241:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
C:\Documents and Settings\Jane Irvin\Cookies\jane irvin@questionmarket[2].txt -> TrackingCookie.Questionmarket : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq11.tmp -> TrackingCookie.Questionmarket : No action taken.
:mozilla.252:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.Realmedia : No action taken.
:mozilla.253:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.Realmedia : No action taken.
C:\Documents and Settings\Jane Irvin\Cookies\jane irvin@realmedia[1].txt -> TrackingCookie.Realmedia : No action taken.
:mozilla.256:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.Revenue : No action taken.
C:\Documents and Settings\Jane Irvin\Cookies\jane irvin@revenue[2].txt -> TrackingCookie.Revenue : No action taken.
C:\Documents and Settings\Jane Irvin\Cookies\jane irvin@revsci[2].txt -> TrackingCookie.Revsci : No action taken.
:mozilla.179:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
C:\Documents and Settings\Jane Irvin\Cookies\jane irvin@edge.ru4[2].txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.154:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.266:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.267:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.268:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.269:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.270:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq12.tmp -> TrackingCookie.Sexcounter : No action taken.
:mozilla.121:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
C:\Documents and Settings\Jane Irvin\Cookies\jane irvin@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : No action taken.
C:\Documents and Settings\Jane Irvin\Cookies\jane irvin@specificclick[2].txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.59:C:\Documents and Settings\G-RIFF\Application Data\Mozilla\Firefox\Profiles\a8og0xme.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.60:C:\Documents and Settings\G-RIFF\Application Data\Mozilla\Firefox\Profiles\a8og0xme.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.61:C:\Documents and Settings\G-RIFF\Application Data\Mozilla\Firefox\Profiles\a8og0xme.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.82:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.83:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.84:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.87:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Guest\Cookies\guest@tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Jane Irvin\Cookies\jane irvin@anad.tacoda[2].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Jane Irvin\Cookies\jane irvin@anat.tacoda[2].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Jane Irvin\Cookies\jane irvin@tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.296:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.299:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\G-RIFF\Cookies\g-riff@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\Jane Irvin\Cookies\jane irvin@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.303:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.Valueclick : No action taken.
C:\Documents and Settings\Jane Irvin\Cookies\jane irvin@web-stat[1].txt -> TrackingCookie.Web-stat : No action taken.
:mozilla.342:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.Webtrends : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq13.tmp -> TrackingCookie.Webtrends : No action taken.
:mozilla.46:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.Webtrendslive : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq14.tmp -> TrackingCookie.Xxxcounter : No action taken.
:mozilla.318:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.319:C:\Documents and Settings\Jane Irvin\Application Data\Mozilla\Firefox\Profiles\ewf07dmk.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.83:C:\Documents and Settings\G-RIFF\Application Data\Mozilla\Firefox\Profiles\a8og0xme.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Guest\Cookies\guest@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Program Files\Simple Password\simple password.exe -> Trojan.QQPass.nd : No action taken.


::Report end

pskelley
2007-06-26, 01:04
Please take the time to read and follow the directions. Not doing so creates additional work for both of us.

1) Follow the directions in this link to run AVG Anti-Spyware, make sure you delete or quarantine anything it finds and save the scan report to post.
http://forums.security-central.us/showthread.php?t=3165

2) http://forums.spybot.info/showthread.php?t=288

All logs should be copy/pasted into topic and not attached unless requested by helper in that format
Thanks

niters_4_bad_girls
2007-06-26, 20:00
i followed your directions and upon completion of the avg scan, the save report button was not available to be ticked, i have not proceeded to anything else.

it did pick up 5 traces medium risk, tracking cookies

i await your reply

pskelley
2007-06-26, 20:41
1) We seem to have a communication problem. The instructions said to delete or quarantine and you posted a scan report showing "no action taken".
Please run the scan again and delete what is found; if you can't figure out how to post the scan report, just be sure you have followed directions and what was found was deleted.

it did pick up 5 traces medium risk, tracking cookies
If that is all that was found, make sure they are deleted.

2) The instructions state all logs are to be copied and pasted, you Attached the Files:

Attached Files
rapport.txt2.txt (2.9 KB, 1 views)
rapport.txt3.txt (4.4 KB, 1 views)

follow the directions and copy/paste those reports.

please tell me how the computer is running now.

Thanks

niters_4_bad_girls
2007-06-26, 22:19
SmitFraudFix v2.195

Scan done at 13:52:58.20, Mon 06/25/2007
Run from C:\Documents and Settings\G-RIFF\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8bbe40fd-0416-4c3f-80ea-0c7ad5fb1aab}"="crawley"

[HKEY_CLASSES_ROOT\CLSID\{8bbe40fd-0416-4c3f-80ea-0c7ad5fb1aab}\InProcServer32]
@="C:\WINDOWS\system32\igpfced.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8bbe40fd-0416-4c3f-80ea-0c7ad5fb1aab}\InProcServer32]
@="C:\WINDOWS\system32\igpfced.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 207.69.188.185
DNS Server Search Order: 207.69.188.186
DNS Server Search Order: 207.69.188.187

HKLM\SYSTEM\CCS\Services\Tcpip\..\{1ACC5A31-B406-4A75-B530-5B2EBBCC750E}: DhcpNameServer=207.69.188.185 207.69.188.186 207.69.188.187
HKLM\SYSTEM\CS1\Services\Tcpip\..\{1ACC5A31-B406-4A75-B530-5B2EBBCC750E}: DhcpNameServer=207.69.188.185 207.69.188.186 207.69.188.187
HKLM\SYSTEM\CS3\Services\Tcpip\..\{1ACC5A31-B406-4A75-B530-5B2EBBCC750E}: DhcpNameServer=207.69.188.185 207.69.188.186 207.69.188.187
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=207.69.188.185 207.69.188.186 207.69.188.187
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=207.69.188.185 207.69.188.186 207.69.188.187
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=207.69.188.185 207.69.188.186 207.69.188.187


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8bbe40fd-0416-4c3f-80ea-0c7ad5fb1aab}"="crawley"

[HKEY_CLASSES_ROOT\CLSID\{8bbe40fd-0416-4c3f-80ea-0c7ad5fb1aab}\InProcServer32]
@="C:\WINDOWS\system32\igpfced.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8bbe40fd-0416-4c3f-80ea-0c7ad5fb1aab}\InProcServer32]
@="C:\WINDOWS\system32\igpfced.dll"



»»»»»»»»»»»»»»»»»»»»»»»» End

niters_4_bad_girls
2007-06-26, 22:22
SmitFraudFix v2.195

Scan done at 15:19:00.12, Mon 06/25/2007
Run from C:\Documents and Settings\G-RIFF\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\G-RIFF


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\G-RIFF\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\G-RIFF\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8bbe40fd-0416-4c3f-80ea-0c7ad5fb1aab}"="crawley"

[HKEY_CLASSES_ROOT\CLSID\{8bbe40fd-0416-4c3f-80ea-0c7ad5fb1aab}\InProcServer32]
@="C:\WINDOWS\system32\igpfced.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8bbe40fd-0416-4c3f-80ea-0c7ad5fb1aab}\InProcServer32]
@="C:\WINDOWS\system32\igpfced.dll"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 207.69.188.185
DNS Server Search Order: 207.69.188.186
DNS Server Search Order: 207.69.188.187

HKLM\SYSTEM\CCS\Services\Tcpip\..\{1ACC5A31-B406-4A75-B530-5B2EBBCC750E}: DhcpNameServer=207.69.188.185 207.69.188.186 207.69.188.187
HKLM\SYSTEM\CS1\Services\Tcpip\..\{1ACC5A31-B406-4A75-B530-5B2EBBCC750E}: DhcpNameServer=207.69.188.185 207.69.188.186 207.69.188.187
HKLM\SYSTEM\CS3\Services\Tcpip\..\{1ACC5A31-B406-4A75-B530-5B2EBBCC750E}: DhcpNameServer=207.69.188.185 207.69.188.186 207.69.188.187
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=207.69.188.185 207.69.188.186 207.69.188.187
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=207.69.188.185 207.69.188.186 207.69.188.187
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=207.69.188.185 207.69.188.186 207.69.188.187


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

pskelley
2007-06-26, 22:47
You have me confused now with all of these reports and the way you posted them.

The Last report: Scan done at 15:19:00.12, Mon 06/25/2007
Fix run in normal mode
Looks like it is still showing infection. I would like you to read and follow these directions very carefully please.

1) Smitfraudfix is updated daily or more often. I want you to delete all Smitfraudfix you have on your computer.

2) When it is all gone, then I want you to download it fresh from here:
http://siri.geekstogo.com/SmitfraudFix.php <<< download Smitfraudfix from here

3) I want you to do this and only this:

Clean:
Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
Double-click SmitfraudFix.exe
Select 2 and hit Enter to delete infected files.
You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt

4) Now Copy and Paste the C:\rapport.txt and a new HJT log to this topic.

5) Tell me about any malware problems.

Thank you

niters_4_bad_girls
2007-06-27, 00:00
machine appears to be running well. you mentioned that viewpoint was spyware? how can i remove it?

thank you


SmitFraudFix v2.197

Scan done at 14:26:57.03, Tue 06/26/2007
Run from C:\Documents and Settings\G-RIFF\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8bbe40fd-0416-4c3f-80ea-0c7ad5fb1aab}"="crawley"

[HKEY_CLASSES_ROOT\CLSID\{8bbe40fd-0416-4c3f-80ea-0c7ad5fb1aab}\InProcServer32]
@="C:\WINDOWS\system32\igpfced.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8bbe40fd-0416-4c3f-80ea-0c7ad5fb1aab}\InProcServer32]
@="C:\WINDOWS\system32\igpfced.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{1ACC5A31-B406-4A75-B530-5B2EBBCC750E}: DhcpNameServer=207.69.188.185 207.69.188.186 207.69.188.187
HKLM\SYSTEM\CS1\Services\Tcpip\..\{1ACC5A31-B406-4A75-B530-5B2EBBCC750E}: DhcpNameServer=207.69.188.185 207.69.188.186 207.69.188.187
HKLM\SYSTEM\CS3\Services\Tcpip\..\{1ACC5A31-B406-4A75-B530-5B2EBBCC750E}: DhcpNameServer=207.69.188.185 207.69.188.186 207.69.188.187
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=207.69.188.185 207.69.188.186 207.69.188.187
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=207.69.188.185 207.69.188.186 207.69.188.187
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=207.69.188.185 207.69.188.186 207.69.188.187


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

Logfile of HijackThis v1.99.1
Scan saved at 2:51:14 PM, on 6/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijackthis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send Image to Phone - http://www.freeringers.net/ezimage.php
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinner.com/games/v48/pool/pool.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/20.10/uploader2.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {76A2A0AB-38B7-46DB-8E47-F10CDE4D7920} - http://www.resmap.com/ecwplugins/NCS.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
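
Added example, not part of the original thread and not SmitfraudFix's own code: a Python sketch that does by script what the helper does by eye across the fix-mode reports above, comparing the "SharedTaskScheduler Before/After" sections and resolving each registered CLSID to its InProcServer32 DLL. The section markers, key layout and values are taken from the rapport.txt excerpts posted in this thread; the function names and the `make_report` helper are hypothetical.

```python
import re

SECTION_RE = re.compile(r"^»{3,}\s*(.+?)\s*$")          # "»»»» Title" headings
KEY_RE = re.compile(r"^\[(.+)\]$")                       # [HKEY_...\key\path]
VALUE_RE = re.compile(r'^(@|"[^"]*")="(.*)"$')           # "name"="data" or @="data"
CLSID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)


def split_sections(report):
    """Map each section heading to the non-blank lines that follow it."""
    sections, current = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        heading = SECTION_RE.match(line)
        if heading:
            current = heading.group(1)
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def sts_entries(lines):
    """Return {clsid: {"name", "dll"}} for CLSIDs registered under SharedTaskScheduler."""
    names, dlls, key = {}, {}, ""
    for line in lines:
        k = KEY_RE.match(line)
        if k:
            key = k.group(1).lower()
            continue
        v = VALUE_RE.match(line)
        if not v:
            continue  # banner text such as "SrchSTS.exe by S!Ri"
        name, data = v.group(1).strip('"').lower(), v.group(2)
        if key.endswith(r"\explorer\sharedtaskscheduler"):
            names[name] = data                 # value name is the CLSID
        elif key.endswith(r"\inprocserver32") and name == "@":
            m = CLSID_RE.search(key)
            if m:
                dlls[m.group(0)] = data        # default value is the DLL path
    return {c: {"name": n, "dll": dlls.get(c)} for c, n in names.items()}


def remediation_status(report):
    """Compare the Before and After sections of one fix-mode report."""
    before = after = None
    for title, lines in split_sections(report).items():
        t = title.lower()
        if t.startswith("sharedtaskscheduler before"):
            before = sts_entries(lines)
        elif t.startswith("sharedtaskscheduler after"):
            after = sts_entries(lines)
    if before is None or after is None:
        raise ValueError("Before/After sections missing: not a fix-mode report")
    return {
        "removed": {c: e for c, e in before.items() if c not in after},
        "persisting": {c: e for c, e in after.items() if c in before},
        "cleaned": not after,
    }


# Constructed sample input: excerpts modelled on the two fix-mode reports in this thread.
RULE = "»" * 24
STS_BLOCK = r"""!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8bbe40fd-0416-4c3f-80ea-0c7ad5fb1aab}"="crawley"

[HKEY_CLASSES_ROOT\CLSID\{8bbe40fd-0416-4c3f-80ea-0c7ad5fb1aab}\InProcServer32]
@="C:\WINDOWS\system32\igpfced.dll"
"""
EMPTY_BLOCK = """!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
"""


def make_report(version, before, after):
    """Assemble a minimal fix-mode report around the two SharedTaskScheduler sections."""
    return (f"SmitFraudFix v{version}\n\n"
            f"{RULE} SharedTaskScheduler Before SmitFraudFix\n{before}\n"
            f"{RULE} Registry Cleaning\n\nRegistry Cleaning done.\n\n"
            f"{RULE} SharedTaskScheduler After SmitFraudFix\n{after}\n"
            f"{RULE} End\n")


REPORT_V2195 = make_report("2.195", STS_BLOCK, STS_BLOCK)    # entry survives the fix
REPORT_V2197 = make_report("2.197", STS_BLOCK, EMPTY_BLOCK)  # entry gone after the fix

if __name__ == "__main__":
    for label, report in (("v2.195", REPORT_V2195), ("v2.197", REPORT_V2197)):
        status = remediation_status(report)
        print(label, "cleaned" if status["cleaned"] else "still registered")
        for clsid, entry in {**status["removed"], **status["persisting"]}.items():
            print("  ", clsid, entry["name"], entry["dll"])
```

An empty "After" section only shows that the SharedTaskScheduler registration is gone; whether the DLL itself was deleted has to be confirmed separately on disk.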

pskelley
2007-06-27, 00:20
That's great to hear :bigthumb: I posted links to information about Viewpoint, it can be uninstalled in Add Remove programs.
Here is some information about the Smitfraud junk:
If you have been infected by one of the SpyAxe family
http://forums.tomcoyote.org/index.php?showtopic=58063
http://www.malwarecomplaints.info/

Your HJT log looks clean of malware, let's finish like this.

System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on:
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx

If you want to run a good free trial to check for hidden junk, use this one with these instructions, delete or quarantine anything it finds and post the scan results if you have questions.
http://forums.security-central.us/showthread.php?t=3165
Once the trial is over you can update and use the scanner for as long as you wish, but unless you purchase it you should turn it off completely so it does not run unless you start it manually.

Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html

Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

Thanks...pskelley

pskelley
2007-07-02, 13:07
As the problem appears to be resolved this topic has been closed.

If you need it re-opened please send me or a forum staff member a private message (pm) and provide a link to the thread; this applies only to the original topic starter.

Anyone else with similar problems please start a new topic.

Thanks...pskelley