
Popups and random shutdowns



dingor6
2007-08-21, 02:18
Hello guys, my computer has been restarting itself at random times lately. I also repeatedly get window popups stating that I have malware and that I must download and install a scanner to remove them. I was not able to complete the online virus scan but I did use HouseCall and found no problems. My HJT log is posted below. Thanks in advance for your help.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:17:51 PM, on 8/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5DDE5591-A8AB-4897-93EF-1E4E943F85A7} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Protection Bar - {CC18AE76-7E65-4258-A193-9EA0C52DA6B8} - C:\Program Files\Video ActiveX Access\iesbpl.dll (file missing)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\Ai Booster\OverClk.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [VirusProtectPro 3.7] "C:\Program Files\VirusProtectPro 3.7\VirusProtectPro 3.7.exe" /h
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video ActiveX Access\iesmn.exe
O4 - HKUS\S-1-5-18\..\Run: [] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [] (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: SATARAID5.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: falsism - {6e886df7-914d-48f0-86b3-a5cf24385361} - C:\WINDOWS\system32\fwrkqfl.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

--
End of file - 6143 bytes

pskelley
2007-08-21, 14:35
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

Looks like you are infected, let's find out like this:

http://siri.geekstogo.com/SmitfraudFix.php <<< download Smitfraudfix from here and follow ONLY these directions.

Search:
Double-click SmitfraudFix.exe
Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/processutil/processutil.htm

Post the C:\rapport.txt

Thanks

dingor6
2007-08-21, 19:10
Followed the posted instructions and a copy of the logfile is posted below. Thank you.

SmitFraudFix v2.214

Scan done at 13:09:00.95, Tue 08/21/2007
Run from C:\Documents and Settings\Dingo\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Dingo


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Dingo\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\Dingo\STARTM~1\Programs\VirusProtectPro FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Dingo\FAVORI~1

C:\DOCUME~1\Dingo\FAVORI~1\Online Security Test.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{6e886df7-914d-48f0-86b3-a5cf24385361}"="falsism"

[HKEY_CLASSES_ROOT\CLSID\{6e886df7-914d-48f0-86b3-a5cf24385361}\InProcServer32]
@="C:\WINDOWS\system32\fwrkqfl.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{6e886df7-914d-48f0-86b3-a5cf24385361}\InProcServer32]
@="C:\WINDOWS\system32\fwrkqfl.dll"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: NVIDIA nForce Networking Controller - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{2B344147-C729-4F33-B559-09EE8F149F42}: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

pskelley
2007-08-21, 21:51
http://siri.geekstogo.com/SmitfraudFix.php <<< tutorial if needed

Clean:
Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
Double-click SmitfraudFix.exe
Select 2 and hit Enter to delete infected files.
You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt

Optional:
To restore Trusted and Restricted site zone, select 3 and hit Enter.
You will be prompted: Restore Trusted Zone ? answer Y (yes) and hit Enter to delete trusted zone.
Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.

Post the C:\rapport.txt and a new HJT log, let me know how the computer is running now.

Thanks

dingor6
2007-08-22, 01:42
Things seem to be working well so far. No more security popups.

SmitfraudFix log:

SmitFraudFix v2.214

Scan done at 19:35:03.81, Tue 08/21/2007
Run from C:\Documents and Settings\Dingo\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{6e886df7-914d-48f0-86b3-a5cf24385361}"="falsism"

[HKEY_CLASSES_ROOT\CLSID\{6e886df7-914d-48f0-86b3-a5cf24385361}\InProcServer32]
@="C:\WINDOWS\system32\fwrkqfl.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{6e886df7-914d-48f0-86b3-a5cf24385361}\InProcServer32]
@="C:\WINDOWS\system32\fwrkqfl.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\system32\fwrkqfl.dll -> Hoax.Win32.Renos.gen.o
C:\WINDOWS\system32\fwrkqfl.dll -> Deleted


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\DOCUME~1\Dingo\STARTM~1\Programs\VirusProtectPro Deleted
C:\DOCUME~1\Dingo\FAVORI~1\Online Security Test.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{2B344147-C729-4F33-B559-09EE8F149F42}: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End



HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:41:42 PM, on 8/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\Ai Booster\OverClk.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [VirusProtectPro 3.7] "C:\Program Files\VirusProtectPro 3.7\VirusProtectPro 3.7.exe" /h
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [] (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: SATARAID5.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

--
End of file - 5591 bytes

pskelley
2007-08-22, 02:01
We have a little additional work to do here, let me explain. The creator of Smitfraudfix adds the junk as fast as he can to try to keep up with the lowlife hackers. Version 2.215 (August 22, 2007) In Europe, the VirusProtectPro 3.7 rogue program was added to the fix. You have the junk running on your computer and the fix will clean it much better than we could manually.
O4 - HKLM\..\Run: [VirusProtectPro 3.7] "C:\Program Files\VirusProtectPro 3.7\VirusProtectPro 3.7.exe" /h
As you can see you used version SmitFraudFix v2.214.

What I would like you to do is delete that version of the fix and download the new version:
http://siri.geekstogo.com/SmitfraudFix.php
When you get it downloaded, there is no need to "Search", just do this:

Clean:
Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
Double-click SmitfraudFix.exe
Select 2 and hit Enter to delete infected files.
You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt

Post the C:\rapport.txt and a new HJT log.

Thanks

dingor6
2007-08-22, 03:47
SmitfraudFix Log

SmitFraudFix v2.215

Scan done at 21:41:36.23, Tue 08/21/2007
Run from C:\Documents and Settings\Dingo\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{2B344147-C729-4F33-B559-09EE8F149F42}: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:46:52 PM, on 8/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\Ai Booster\OverClk.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [] (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: SATARAID5.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

--
End of file - 5484 bytes

Thank you.
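
Added example, not part of the original posts: the comparison pskelley makes by eye earlier in the thread (the VirusProtectPro 3.7 Run entry surviving the v2.214 clean) can be done mechanically by parsing each HijackThis log into entries and recording the first snapshot in which each entry is gone. The three snapshots are shortened excerpts of the logs posted in this thread; the function and variable names are this example's own.

```python
from __future__ import annotations

import re
from typing import NamedTuple, Optional


class Entry(NamedTuple):
    code: str            # HijackThis section code, e.g. "O4" or "O23"
    text: str            # rest of the line; used as the entry's identity
    file_missing: bool   # HijackThis appended "(file missing)"


# Entry lines look like "O4 - HKLM\..\Run: [name] command".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_hjt(log: str) -> list[Entry]:
    """Return the registry/startup entries of one HijackThis log, in order."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m is None:
            continue
        code, text = m.groups()
        entries.append(Entry(code, text, text.endswith("(file missing)")))
    return entries


def removal_timeline(snapshots: list[str]) -> dict[Entry, Optional[int]]:
    """Map each entry of the first log to the index of the first later
    snapshot that no longer contains it (None = present in every snapshot)."""
    parsed = [set(parse_hjt(s)) for s in snapshots]
    return {
        entry: next((i for i, snap in enumerate(parsed) if entry not in snap), None)
        for entry in parse_hjt(snapshots[0])
    }


def late_removals(timeline: dict[Entry, Optional[int]]) -> list[Entry]:
    """Entries that survived the first cleaning run and only vanished later."""
    return [e for e, i in timeline.items() if i is not None and i > 1]


# Excerpts (shortened) of the three HijackThis logs posted in this thread.
SNAP_0820 = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\rundll32.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {5DDE5591-A8AB-4897-93EF-1E4E943F85A7} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing)
O3 - Toolbar: Protection Bar - {CC18AE76-7E65-4258-A193-9EA0C52DA6B8} - C:\Program Files\Video ActiveX Access\iesbpl.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VirusProtectPro 3.7] "C:\Program Files\VirusProtectPro 3.7\VirusProtectPro 3.7.exe" /h
O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video ActiveX Access\iesmn.exe
O22 - SharedTaskScheduler: falsism - {6e886df7-914d-48f0-86b3-a5cf24385361} - C:\WINDOWS\system32\fwrkqfl.dll
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
"""

# After the SmitFraudFix v2.214 clean.
SNAP_0821_V214 = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VirusProtectPro 3.7] "C:\Program Files\VirusProtectPro 3.7\VirusProtectPro 3.7.exe" /h
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
"""

# After the SmitFraudFix v2.215 clean.
SNAP_0821_V215 = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
"""

if __name__ == "__main__":
    labels = ["original", "after v2.214", "after v2.215"]
    timeline = removal_timeline([SNAP_0820, SNAP_0821_V214, SNAP_0821_V215])
    for entry, gone_at in timeline.items():
        status = "still present" if gone_at is None else f"gone {labels[gone_at]}"
        flag = " [file missing]" if entry.file_missing else ""
        print(f"{status:>18}  {entry.code:<3} {entry.text[:60]}{flag}")
    print("Survived the first clean:", [e.text[:40] for e in late_removals(timeline)])
```

An entry that is removed and later reappears is reported only at its first absence, so a reinfection check needs the per-snapshot sets rather than this summary.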

pskelley
2007-08-22, 11:44
Thanks, updated Smitfraudfix took care of that junk, since you have AVG Anti-Spyware onboard already, let's run a scan with that to make sure nothing is hiding.

Please remove Smitfraudfix from your computer.

Follow the directions in this link to run AVG Anti-Spyware, make sure you delete or quarantine anything it finds and save the scan report to post.
http://forums.security-central.us/showthread.php?t=3165

Run Clean Manager
http://spyware-free.us/tutorials/cleanmgr/

Restart the computer and post the scan results only and let me know how the computer is running now.

Thanks

dingor6
2007-08-24, 23:51
AVG SCAN

AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:47:37 PM 8/24/2007

+ Scan result:



C:\System Volume Information\_restore{8E5B7CBB-A960-4407-ADE5-4A2C5F914C0A}\RP147\A0126402.ini -> Adware.Qworke : Cleaned.
:mozilla.185:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.186:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.187:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.188:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.189:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.190:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.191:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.192:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.193:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.194:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.237:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.239:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.250:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.273:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.400:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.401:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.413:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.443:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.600:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.601:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.602:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.204:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.205:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.45:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.47:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.48:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.49:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.14:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.15:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.16:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.17:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.18:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.20:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.643:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.644:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Dingo\Cookies\dingo@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.655:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Belstat : Cleaned.
:mozilla.659:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.81:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.82:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.83:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.588:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.256:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.257:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.139:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Cnn : Cleaned.
:mozilla.252:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.174:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.175:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.176:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.177:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.581:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Cqcounter : Cleaned.
:mozilla.21:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Dingo\Cookies\dingo@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.301:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Enhance : Cleaned.
:mozilla.302:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Enhance : Cleaned.
:mozilla.289:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.28:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.29:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.30:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.31:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.32:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.64:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.65:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.66:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.684:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.685:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.90:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.320:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned.
:mozilla.333:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.334:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.631:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.632:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.633:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.634:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.608:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.436:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.437:C:\Documents and Settings\Dingo\Application

dingor6
2007-08-24, 23:52
Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.446:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.76:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.100:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.101:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.102:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.103:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.104:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.105:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.106:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.107:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.99:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.97:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.98:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.57:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.58:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.59:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.60:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.61:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.62:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.63:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.469:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.470:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.471:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.472:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.473:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.474:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.475:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.589:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.295:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.296:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.297:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.298:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.67:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.68:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.69:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.70:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.71:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.72:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.145:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.154:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.155:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.156:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.157:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.158:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.159:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.160:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.161:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.162:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.173:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned.
:mozilla.46:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.52:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.53:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.54:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.119:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.120:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.121:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.122:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.123:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.124:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.125:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.126:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.127:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.128:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.129:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.73:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.94:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.95:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.96:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.533:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.534:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.535:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.19:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.611:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.584:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.585:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.586:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.587:C:\Documents and Settings\Dingo\Application Data\Mozilla\Firefox\Profiles\hc1dqpww.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end

Thanks!

pskelley
2007-08-24, 23:59
Looks good. If all is well, remove the tools we downloaded like Smitfraudfix. Here is some information to help you stop storing those cookies if you wish:
http://mozilla.gunnars.net/firefox_help_firefox_cookie_tutorial.html
http://privacy.getnetwise.org/browsing/tools/firefox1/ffdisablecookies
http://www.mozilla.org/projects/security/pki/psm/help_21/using_priv_help.html

Please do this now: System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on:
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx

AVG Anti-Spyware is a good program but it does use some resources. Once the trial is over you can update and use the scanner for as long as you wish, but unless you purchase it you should turn it off completely so it does not run unless you start it manually.

Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html

Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.