I'm Bod and here to help you with your Hijack This log.
Please only use this topic for your replies on this problem. Do not start another thread. The fixes we will use are specific to your problems and should only be used for this problem on this computer. These things need to be properly researched and a complete fix for many malware problems can take some time and be spread over a number of posts, so please be patient and try to see it through to the end.
I've had a look through your log and I now have some instructions for you to follow.
Before you start, please read through these instructions and make sure that you understand them. If you are not sure about anything, post a reply in this thread with your questions.
Please follow and carry out all the steps in the instructions in the order I've listed them.
Please do not try any other "fixes" you may have found on the internet while we are sorting this problem out, it's important that we work through the fix in a systematic manner.
Step 1 Download SmitfraudFix from http://siri.urz.free.fr/Fix/SmitfraudFix.zip and save the file to your desktop. Extract the content (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder created in step 1 and double-click "smitfraudfix.cmd". Please do not try to use any of the other files in the folder until instructed. Select option "1 - Search" by typing "1" and pressing "Enter" on the keyboard. A text file will appear, which lists infected files (if present). We are only generating a report at this stage, not cleaning yet.
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. See http://www.beyondlogic.org/consulting/proc...processutil.htm
Please copy/paste the content of the report generated into your next reply. The report can be found at the root of the system drive, usually at C:\rapport.txt.
I'll check the report and get back to you with the next stage of the fix.
I greatly appreciate your quick reply and your help.
I proceeded as you asked...I ran Smitfrau and here's what I got back from the search...
SmitFraudFix v2.74
Scan done at 18:48:49.90, 21-Jul-06
Run from C:\Documents and Settings\Nikos Alexiadis\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\dlh9jkdq?.exe FOUND !
C:\WINDOWS\system32\ismon.exe FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Nikos Alexiadis\Application Data
Regarding SP2, I recommend that you install SP2 after we have sorted out the problems that are on the pc. Installing SP2 onto a pc that isn't right to begin with just makes matters worse, often bad enough to need a format and re-install of Windows. I'll give you the all-clear at the end when it'll be safe to install SP2.
Now for the next stage of the fix.
Again, before you start, please read through these instructions and make sure that you understand them. If you are not sure about anything, post a reply in this thread with your questions. You will be booting into Safe Mode at some point in these instructions, so you should print out these instructions for reference. You will not have internet access in Safe Mode.
Please follow and carry out all the steps in the instructions in the order I've listed them.
Step 1 Re-boot in Safe Mode by pressing F8 during Boot-up and choosing Safe Mode from the boot options list.
The next part of this fix will be carried out in Safe Mode.
Step 2 Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option "2 - Clean" by typing "2" and press "Enter" to delete infected files.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; type "Y" and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); type "Y" and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, reboot as normal.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply. The report can also be found at the root of the system drive, usually at C:\rapport.txt
Step 3 Download Ewido from www.ewido.net/en/download, and install. At the end of the installation process, leave the tick in the "Run Ewido Anti-Spyware 4.0" checkbox. Click "Finish"
When opening screen appears, click "change state" for "Resident Shield" to change state to "inactive" This is done to prevent the resident shield interferring with our attempts to fix the problems present on the pc.
Ewido will automatically update, and a toolbar message balloon will confirm that update is complete. If this doesn't happen, click Update > Start Update.
Close Ewido.
Re-boot in Safe Mode by pressing F8 during Boot-up and choosing Safe Mode from the boot options list.
Run Ewido again, click Scanner > Complete System Scan.
At the end of the scan, a list of found objects will be generated. Check through the list for false positives, and change the "Action" entry if necessary.
Click "Apply all actions"
When the actions have been completed, click Save Report > Save report as, and save report as a text file on your desktop. I will need a copy of the report contents as part of your next post.
Step 4 Run Hijack This, "Scan" and post the log, together with a copy of the SmitFraudFix and Ewido logs, as a reply to this thread. I'll check it through, and get back to you.
The TASK MANAGER is working great! You have fixed my problem! Thank you very much!
Here's what you have requested!
Should I install SP2? I did have a problem in the past and I removed it by formating my PC. Is there a way to remove is without format? What I mean is...is SP2 reverseble? Can I switch back to SP1 if I am having problems? Can I fix it by System Restore?
Thank you again!
OK...here's the logs...
HJT LOG...
"Logfile of HijackThis v1.99.1
Scan saved at 20:36:02, on 22-Jul-06
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Scan done at 18:53:38.46, 22-Jul-06
Run from C:\Documents and Settings\Nikos Alexiadis\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
Adobe Acrobat 5.0
Adobe Download Manager 2.0 (Remove Only)
Adobe Photoshop CS
Adobe Reader 7.0.8
Agere Systems AC'97 Modem
AnalogX Proxy
ASUS Wireless AP Utilities
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Audio Conversion Wizard 1.4
AVS Audio Tools version 3.3
BCM Wireless Network Adapter
DC++ 0.691
DivX Player
DivX Pro Codec
DVD SΗrink 3.2
eMule
ewido anti-spyware 4.0
Google Earth
Google Gmail Notifier
Google Video Player
HijackThis 1.99.1
iTunes
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_01
Kazaa Lite K++ v2.4.3
Launch Manager
LimeWire 4.10.9
Macrogaming SweetIM 1.1a
Macromedia Flash Player 8
Macromedia Shockwave Player
McAfee Uninstall Wizard
Messenger Plus! 3
Microsoft AntiSpyware
Microsoft Office FrontPage 2003
Microsoft Office Professional Edition 2003
Mozilla Firefox (1.5.0.4)
MP3 Workshop XP 1.6
m-Router 3.1
MS Access 97 SP2
MSN Music Assistant
MyAlbum version 2.4
Nero 6 Ultra Edition
Nokia Connectivity Cable Driver
Nokia PC Suite
NTI CD & DVD-Maker 6.5 Gold
PowerDVD
QuickTime
Realtek AC'97 Audio
Record-Anything v2.7 Trial Edition
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905495)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Sonic Foundry Sound Forge 6.0
SPSS 13.0 for Windows
Synaptics Pointing Device Driver
Ulead VideoStudio 6
Update for Windows XP (KB835409)
Update for Windows XP (KB898461)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Virtual DJ - Atomix Productions
WhiteCap
WIDCOMM Bluetooth Software
Windows Driver Package - MSN (usbccgp) USB (04/19/2006 1.1.0.2)
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB824146
Windows XP Hotfix - KB833407
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB842773
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB911567
Windows XP Hotfix - KB916281
Windows XP Hotfix - KB918439
WinRAR archiver
WLAN 802.11g mini-PCI Module
XviD MPEG-4 Video Codec
XviD Video Codec 04102002-1 (Koepi's build with EPSZ ME)
Thanks for the uninstall list. Sorry it's taken me a while to get back to you.
I now have some more instructions for you to follow.
Before you start, please read through these instructions and make sure that you understand them. If you are not sure about anything, post a reply in this thread with your questions.
Please follow and carry out all the steps in the instructions in the order I've listed them.
Save to your desktop and run it. Click Next > Install, then make sure "Run fixit" is checked and click Finish. The fix will begin, follow the prompts and reboot when instructed. Your system may take longer than usual to load, this is normal.
At the end of the fix, you may need to reboot again.
A logfile C:\fixwareout\report.txt will be created. I'll need a copy of this as part of yor next post.
Step 2 This step is based on the presumption that your ISP is Hellas On Line. If this is not the case, don't carry out this step and let me know.
Click Start > Control Panel. If you are using Windows XP's Category View, select Network and Internet Connections category otherwise double click on Network Connections. Right click on your default connection, usually local area connection for cable and dsl (or possibly wireless connection on a laptop), and left click on properties. Click the Networking tab. Double-click on the Internet Protocol (TCP/IP) item and check that 194.30.220.114 and 194.30.220.117 are listed as your Preferred and Alternate DNS server. Change the values entered to these if necessary. Click OK > OK to close the properties screen and reboot if instructed.
Step 3 Click Start > Run and type cmd in the Open field, then click OK type ipconfig /flushdns then press enter key, type exit then press enter key Note: the space between g and / is needed
Step 4 Messenger Plus brings the LOP infection with it, so we need to remove it. Click Start > Control Panel > Add/Remove Programs. Allow the list to populate, then click on "Remove" for the following program that may appear in the list. MessengerPlus3
The "Messenger Plus! - Setup" screen is now displayed. Click "Uninstall". Note: options displayed on the first screen are not related to the sponsor program.
The sponsor screen is now displayed (if you don't see it, search for it in your Task Bar). To prove that someone is currently reading the screen, you have to type the code that is displayed. Once you enter the code, click "Uninstall".
If you entered the code properly, the program will ask you to confirm that you want to uninstall. You must answer "Yes" to this question, else, you won't have another chance of uninstalling.
To complete the uninstallation, follow the instructions that are displayed (the first one is to close all your Internet Explorer windows, that's very important).
When everything is complete, reboot.
Step 5 - Java Update - This is essential, earlier versions of Java can be exploited Go to http://java.sun.com/j2se/1.5.0/download.jsp and download and install JRE 5.0 Update 7. Click the link "Download JRE 5.0 Update 7". You will then need to select "Accept License Agreement" and click "Continue". Then click the link "Windows Offline Installation, Multi-language", and save it to your Desktop. Then go back to your Desktop and double click "jre-1_5_0_07-windows-i586-p.exe" to start the install.
Once you have it installed, Click Start > Control Panel > Add/Remove Programs. Allow the list to populate, then click on "Remove" for "J2SE Runtime Environment 5.0 Update 6 and Java 2 Runtime Environment, SE v1.4.2_01".
Step 6 Run Hijack This, "Scan" and post the log, together with the fixwareout log, as a reply to this thread. I'll check it through, and get back to you with what to do next.
ΟΚ...I did everything you asked. The unistalling of MessengerPlus was a little different...meaning that it did not prompt me to any sponsor program. I hit the bullet that refered to uninstalling the sponsor program along with MessengerPlus.
Here's the FixWareout scan...
Fixwareout ver 1.003
Last edited 07/1/2006
Post this report in the forums please
Microsoft (R) Windows Script Host Version 5.6
Random Runs removed from HKLM
...
PLEASE NOTE, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Example ipsec6.exe is legitimate
»»»»» Search by size and names...
»»»»» Misc files
»»»»» Checking for older varients covered by the Rem3 tool
»»»»»
Search five digit cs, dm and jb files
This WILL/CAN also list Legit Files, Submit them at Virustotal
Other suspects
Directory of C:\WINDOWS\system32
And the HJT scan...
Logfile of HijackThis v1.99.1
Scan saved at 17:04:09, on 24-Jul-06
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
It's hard to keep track with the changes to the Messenger Plus program, but it looks as though you've uninstalled it OK.
The new Hijack This log is clean.
Before we discuss installation of SP2, I'd like you to carry out a couple more scans to make sure the pc is clean. As I mentioned in an earlier post, if your pc isn't clean when you install SP2 then you can have problems.
Please read through these instructions and make sure that you understand them. If you are not sure about anything, post a reply in this thread with your questions. You will be booting into Safe Mode at some point in these instructions, so you should print out these instructions for reference. You will not have internet access in Safe Mode.
Please follow and carry out all the steps in the instructions in the order I've listed them.
Run ATF Cleaner. Click on the check box to select the following options: Windows Temp All Users Temp Cookies Temporary Internet Files Prefetch Recycle Bin Click "Empty Selected". Exit when finished.
Step 2 Run Ewido and allow it to automatically update, a toolbar message balloon will confirm that update is complete. If this doesn't happen, click Update > Start Update.
Close Ewido.
Re-boot in Safe Mode by pressing F8 during Boot-up and choosing Safe Mode from the boot options list.
Run Ewido again, click Scanner > Complete System Scan.
At the end of the scan, a list of found objects will be generated. Check through the list for false positives, and change the "Action" entry if necessary.
Click "Apply all actions"
When the actions have been completed, click Save Report > Save report as, and save report as a text file on your desktop. I will need a copy of the report contents as part of your next post. This should be much shorter this time!
You will be promted to install an ActiveX component from Kaspersky, Click "Yes". The program will launch and then begin downloading the latest definition files.
Once the files have been downloaded click on "NEXT" Now click on "Scan Settings" In the scan settings, make sure that the following are selected: "Scan using the following Anti-Virus database:" Extended (if available otherwise Standard)
"Scan Options:" Scan Archives Scan Mail Bases
Click "OK"
Now under "select a target to scan:" Select "My Computer"
This will program will start and scan your system. The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected. Click on "Save as Text" and save the file to your desktop.
Post the Ewido and KAV scan logs as your next reply. I'll check it through, and get back to you.
In case I install SP2 when you advise me so...is the process revirsable? Can it be removed by let's say...System Restore?
Here's the logs you requested...
Karpersky Scan...
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, July 25, 2006 21:25:35
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 25/07/2006
Kaspersky Anti-Virus database records: 209786
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
F:\
Scan Statistics:
Total number of scanned objects: 76802
Number of viruses found: 0
Number of infected objects: 0 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:30:54
Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee.com\VSO\OASLogs\OAS.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\Logs\TaskScheduler\McTskshd002.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Logs\Filtering.log Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Nikos Alexiadis\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Nikos Alexiadis\Local Settings\Temp\~DF4B28.tmp Object is locked skipped
C:\Documents and Settings\Nikos Alexiadis\Local Settings\Temp\~DF6FD2.tmp Object is locked skipped
C:\Documents and Settings\Nikos Alexiadis\Local Settings\Temp\~DFFAD5.tmp Object is locked skipped
C:\Documents and Settings\Nikos Alexiadis\Local Settings\Temp\~DFFC9F.tmp Object is locked skipped
C:\Documents and Settings\Nikos Alexiadis\Local Settings\Temp\~DF1BF3.tmp Object is locked skipped
C:\Documents and Settings\Nikos Alexiadis\Local Settings\Temp\~DF1C38.tmp Object is locked skipped
C:\Documents and Settings\Nikos Alexiadis\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Nikos Alexiadis\Local Settings\History\History.IE5\MSHist012006072520060726\index.dat Object is locked skipped
C:\Documents and Settings\Nikos Alexiadis\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Nikos Alexiadis\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Nikos Alexiadis\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Nikos Alexiadis\Local Settings\Application Data\Microsoft\Windows Live Contacts\nikosalexiadis@hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\Nikos Alexiadis\Local Settings\Application Data\Microsoft\Windows Live Contacts\nikosalexiadis@hotmail.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Nikos Alexiadis\Local Settings\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Nikos Alexiadis\Local Settings\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Nikos Alexiadis\Local Settings\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Nikos Alexiadis\Local Settings\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Nikos Alexiadis\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\history.dat Object is locked skipped
C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\parent.lock Object is locked skipped
C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cert8.db Object is locked skipped
C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\key3.db Object is locked skipped
C:\Documents and Settings\Nikos Alexiadis\ntuser.dat Object is locked skipped
C:\System Volume Information\_restore{74A9FCD9-B74E-4264-890A-B203AA302CB0}\RP378\change.log Object is locked skipped
Bod99
561 Posts
0
July 20th, 2006 19:00
Hi
I'm Bod and here to help you with your Hijack This log.
Please only use this topic for your replies on this problem. Do not start another thread.
The fixes we will use are specific to your problems and should only be used for this problem on this computer.
These things need to be properly researched and a complete fix for many malware problems can take some time and be spread over a number of posts, so please be patient and try to see it through to the end.
I've had a look through your log and I now have some instructions for you to follow.
Before you start, please read through these instructions and make sure that you understand them.
If you are not sure about anything, post a reply in this thread with your questions.
Please follow and carry out all the steps in the instructions in the order I've listed them.
Please do not try any other "fixes" you may have found on the internet while we are sorting this problem out, it's important that we work through the fix in a systematic manner.
Step 1
Download SmitfraudFix from http://siri.urz.free.fr/Fix/SmitfraudFix.zip and save the file to your desktop.
Extract the content (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder created in step 1 and double-click "smitfraudfix.cmd". Please do not try to use any of the other files in the folder until instructed.
Select option "1 - Search" by typing "1" and pressing "Enter" on the keyboard.
A text file will appear, which lists infected files (if present). We are only generating a report at this stage, not cleaning yet.
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
See http://www.beyondlogic.org/consulting/proc...processutil.htm
Please copy/paste the content of the report generated into your next reply. The report can be found at the root of the system drive, usually at C:\rapport.txt.
I'll check the report and get back to you with the next stage of the fix.
Thanks,
Bod
NikosAlfa147
113 Posts
0
July 21st, 2006 14:00
I proceeded as you asked...I ran Smitfrau and here's what I got back from the search...
SmitFraudFix v2.74
Scan done at 18:48:49.90, 21-Jul-06
Run from C:\Documents and Settings\Nikos Alexiadis\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\dlh9jkdq?.exe FOUND !
C:\WINDOWS\system32\ismon.exe FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Nikos Alexiadis\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\NIKOSA~1\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
Something else...do you think I should instal SP2 on my laptop? I used to have some problems and I formated it long time ago.
Thank you,
Best Regards,
Nikos
Bod99
561 Posts
0
July 21st, 2006 17:00
Hi Nikos,
Thanks for the log.
Regarding SP2, I recommend that you install SP2 after we have sorted out the problems that are on the pc. Installing SP2 onto a pc that isn't right to begin with just makes matters worse, often bad enough to need a format and re-install of Windows.
I'll give you the all-clear at the end when it'll be safe to install SP2.
Now for the next stage of the fix.
Again, before you start, please read through these instructions and make sure that you understand them.
If you are not sure about anything, post a reply in this thread with your questions.
You will be booting into Safe Mode at some point in these instructions, so you should print out these instructions for reference. You will not have internet access in Safe Mode.
Please follow and carry out all the steps in the instructions in the order I've listed them.
Step 1
Re-boot in Safe Mode by pressing F8 during Boot-up and choosing Safe Mode from the boot options list.
The next part of this fix will be carried out in Safe Mode.
Step 2
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option "2 - Clean" by typing "2" and press "Enter" to delete infected files.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; type "Y" and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); type "Y" and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, reboot as normal.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt
Step 3
Download Ewido from www.ewido.net/en/download, and install. At the end of the installation process, leave the tick in the "Run Ewido Anti-Spyware 4.0" checkbox. Click "Finish"
When opening screen appears, click "change state" for "Resident Shield" to change state to "inactive" This is done to prevent the resident shield interferring with our attempts to fix the problems present on the pc.
Ewido will automatically update, and a toolbar message balloon will confirm that update is complete. If this doesn't happen, click Update > Start Update.
Close Ewido.
Re-boot in Safe Mode by pressing F8 during Boot-up and choosing Safe Mode from the boot options list.
Run Ewido again, click Scanner > Complete System Scan.
At the end of the scan, a list of found objects will be generated. Check through the list for false positives, and change the "Action" entry if necessary.
Click "Apply all actions"
When the actions have been completed, click Save Report > Save report as, and save report as a text file on your desktop. I will need a copy of the report contents as part of your next post.
Step 4
Run Hijack This, "Scan" and post the log, together with a copy of the SmitFraudFix and Ewido logs, as a reply to this thread. I'll check it through, and get back to you.
Thanks,
Bod
NikosAlfa147
113 Posts
0
July 22nd, 2006 16:00
:mozilla.322:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.57:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\xgp0haq3.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.84:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\xgp0haq3.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Program Files\SpyHunter\Backup\nikos alexiadis@centrport[2].txt.bak -> TrackingCookie.Centrport : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@cz3.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@cz3.clickzs[3].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@cz8.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@cz8.clickzs[3].txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.211:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.79:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\xgp0haq3.Default User\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.80:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\xgp0haq3.Default User\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.122:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Program Files\SpyHunter\Backup\nikos alexiadis@doubleclick[2].txt.bak -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.679:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.724:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.725:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.835:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.844:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.473:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Estat : Cleaned.
:mozilla.714:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Etracker : Cleaned.
:mozilla.536:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.140:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.141:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.142:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.143:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.144:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.537:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.538:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.539:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.540:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.541:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.648:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@as-eu.falkag[3].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@sel.as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@sel.as-eu.falkag[3].txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.129:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.130:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.131:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.132:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.30:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\xgp0haq3.Default User\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.31:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\xgp0haq3.Default User\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.32:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\xgp0haq3.Default User\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.33:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\xgp0haq3.Default User\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@fastclick[3].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@media.fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Program Files\SpyHunter\Backup\nikos alexiadis@fastclick[1].txt.bak -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned.
:mozilla.251:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.34:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\xgp0haq3.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.585:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.586:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.665:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.700:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.701:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.702:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.703:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.704:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.708:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.726:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.729:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.730:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.731:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.732:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.733:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.734:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.83:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\xgp0haq3.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.855:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.858:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@ehg-deltatre.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@ehg-nokiafin.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@hg1.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@hg1.hitbox[3].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@hitbox[3].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\nikos alexiadis@ehg-nokiafin.hitbox[2].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\nikos alexiadis@hitbox[1].txt.bak -> TrackingCookie.Hitbox : Cleaned.
:mozilla.21:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\xgp0haq3.Default User\cookies.txt -> TrackingCookie.Ivwbox : Cleaned.
:mozilla.343:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Ivwbox : Cleaned.
:mozilla.644:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Linksynergy : Cleaned.
PART 3 Coming up...
NikosAlfa147
113 Posts
0
July 22nd, 2006 16:00
I have done what you have told me.
The TASK MANAGER is working great! You have fixed my problem! Thank you very much!
Here's what you have requested!
Should I install SP2? I did have a problem in the past and I removed it by formating my PC. Is there a way to remove is without format? What I mean is...is SP2 reverseble? Can I switch back to SP1 if I am having problems? Can I fix it by System Restore?
Thank you again!
OK...here's the logs...
HJT LOG...
"Logfile of HijackThis v1.99.1
Scan saved at 20:36:02, on 22-Jul-06
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\LAUNCH~1\QtZiAcer.EXE
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
c:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ferrariworld.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = turbo.hol.gr:3128
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZiAcer.EXE
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [\\Plato\EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P34 "\\Plato\EPSON Stylus CX3600 Series" /O6 "USB002" /M "Stylus CX3600"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX3600 Series on VASSILISLAPTOP] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P49 "Auto EPSON Stylus CX3600 Series on VASSILISLAPTOP" /O22 "\\VASSILISLAPTOP\EPSON" /M "Stylus CX3600"
O4 - HKLM\..\Run: [\\VASSILISLAPTOP\EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P43 "\\VASSILISLAPTOP\EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX3600 Series on DESKTOP] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P42 "Auto EPSON Stylus CX3600 Series on DESKTOP" /O15 "\\DESKTOP\EPSON" /M "Stylus CX3600"
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [\\Desktop\EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P36 "\\Desktop\EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Start spyware remover - {BF69DF00-2734-477F-8257-27CD04F88779} - C:\Program Files\WareOut\WareOut.exe (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Start spyware remover - {BF69DF00-2734-477F-8257-27CD04F88779} - C:\Program Files\WareOut\WareOut.exe (file missing) (HKCU)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by21fd.bay21.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{147DDB66-960F-4CCE-8F3A-5C2FEA83F58D}: NameServer = 194.30.220.114,194.30.220.117
O17 - HKLM\System\CCS\Services\Tcpip\..\{664A9738-1888-4E74-AA9E-4A5C1B595F34}: NameServer = 194.30.220.114,194.30.220.117
O17 - HKLM\System\CS1\Services\Tcpip\..\{147DDB66-960F-4CCE-8F3A-5C2FEA83F58D}: NameServer = 194.30.220.114,194.30.220.117
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe"
And finally SmitFraud and ewido scan report coming up in the next message. It wouldn't let me do it on this message.
NikosAlfa147
113 Posts
0
July 22nd, 2006 16:00
PART 1...EWIDO SCAN...
"---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 20:32:55 22-Jul-06
+ Scan result:
HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj.1 -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj\CLSID -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj\CurVer -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-3088433937-4025279379-689279713-1005\Software\IST -> Adware.ISTBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Nikos Alexiadis\My Documents\Programs\Messenger Plus! - Setup.exe/sponsor.exe -> Downloader.Swizzor.ag : Error during cleaning.
C:\WINDOWS\system32\pbwhpftp.djd -> Hijacker.Small.js : Cleaned with backup (quarantined).
C:\WINDOWS\system32\uxyujxhw.onv -> Hijacker.Small.js : Cleaned with backup (quarantined).
:mozilla.674:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.675:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.100:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.101:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.102:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.103:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.104:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.105:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.106:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.107:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.108:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.109:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.110:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.111:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.112:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.113:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.114:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.115:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.116:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.117:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.118:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.119:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.11:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\1fnk2grw.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.120:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.121:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.180:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.346:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.438:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.73:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.742:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.74:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.75:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.76:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.77:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.78:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.79:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.80:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.81:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.82:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.83:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.84:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.85:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.86:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.872:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.87:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.88:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.89:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.90:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.91:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.92:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.93:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.94:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.95:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.96:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.97:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.98:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.99:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@msninvite.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@msnportal.112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@abcsearch[1].txt -> TrackingCookie.Abcsearch : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@abcsearch[3].txt -> TrackingCookie.Abcsearch : Cleaned.
:mozilla.48:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\xgp0haq3.Default User\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.49:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\xgp0haq3.Default User\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.50:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\xgp0haq3.Default User\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.51:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\xgp0haq3.Default User\cookies.txt -> TrackingCookie.Adserver : Cleaned.
C:\Program Files\SpyHunter\Backup\nikos alexiadis@z1.adserver[2].txt.bak -> TrackingCookie.Adserver : Cleaned.
:mozilla.930:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.931:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.238:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.239:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.240:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.241:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.242:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.243:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.12:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\1fnk2grw.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.53:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.71:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\xgp0haq3.Default User\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Program Files\SpyHunter\Backup\nikos alexiadis@atdmt[2].txt.bak -> TrackingCookie.Atdmt : Cleaned.
:mozilla.600:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.474:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.134:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.145:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.146:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.318:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.319:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.320:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned."
Second part is coming up...
NikosAlfa147
113 Posts
0
July 22nd, 2006 16:00
SmitFraudFix v2.74
Scan done at 18:53:38.46, 22-Jul-06
Run from C:\Documents and Settings\Nikos Alexiadis\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\system32\dlh9jkdq?.exe Deleted
C:\WINDOWS\system32\ismon.exe Deleted
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
EWIDO scan report is coming up...
NikosAlfa147
113 Posts
0
July 22nd, 2006 16:00
PART 3...
":mozilla.645:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Linksynergy : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.53:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\xgp0haq3.Default User\cookies.txt -> TrackingCookie.Lop : Cleaned.
C:\Program Files\SpyHunter\Backup\nikos alexiadis@ayb.lop[2].txt.bak -> TrackingCookie.Lop : Cleaned.
:mozilla.270:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.287:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.288:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.6:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\1fnk2grw.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.681:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.682:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.123:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.124:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.47:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\xgp0haq3.Default User\cookies.txt -> TrackingCookie.Paycounter : Cleaned.
:mozilla.534:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Paycounter : Cleaned.
:mozilla.535:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Paycounter : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@paycounter[1].txt -> TrackingCookie.Paycounter : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@paycounter[2].txt -> TrackingCookie.Paycounter : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@paycounter[3].txt -> TrackingCookie.Paycounter : Cleaned.
:mozilla.363:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.364:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.365:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.366:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@hekate.porntrack[2].txt -> TrackingCookie.Porntrack : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@stats3.porntrack[1].txt -> TrackingCookie.Porntrack : Cleaned.
:mozilla.838:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.839:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.218:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.219:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.220:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.225:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.226:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.227:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.61:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\xgp0haq3.Default User\cookies.txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@ads1.revenue[1].txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@revenue[2].txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@revenue[3].txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.656:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.657:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.658:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.274:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.275:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.276:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.277:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.278:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.279:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.280:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@serving-sys[3].txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.763:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.764:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.765:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.766:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.767:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.768:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.769:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.770:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.771:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.772:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.773:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.774:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.775:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.776:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.777:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.778:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.779:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.780:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.781:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.782:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.783:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.784:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.785:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.786:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.787:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.788:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.789:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.790:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.791:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.792:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.793:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.794:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.795:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.796:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.797:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.798:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.799:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.800:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.801:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.802:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@cs.sexcounter[3].txt -> TrackingCookie.Sexcounter : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@cs.sexcounter[4].txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.18:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\xgp0haq3.Default User\cookies.txt -> TrackingCookie.Sexlist : Cleaned.
:mozilla.19:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\xgp0haq3.Default User\cookies.txt -> TrackingCookie.Sexlist : Cleaned.
:mozilla.20:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\xgp0haq3.Default User\cookies.txt -> TrackingCookie.Sexlist : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@sexlist[1].txt -> TrackingCookie.Sexlist : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@sexlist[2].txt -> TrackingCookie.Sexlist : Cleaned.
C:\Program Files\SpyHunter\Backup\nikos alexiadis@sexlist[2].txt.bak -> TrackingCookie.Sexlist : Cleaned."
PART 4 Coming up...
NikosAlfa147
113 Posts
0
July 22nd, 2006 17:00
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@counter10.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@counter13.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@counter13.sextracker[2].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@counter15.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@counter15.sextracker[2].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@counter2.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@counter2.sextracker[2].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@counter3.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@counter4.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@counter5.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@counter5.sextracker[2].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@counter5.sextracker[3].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@counter6.sextracker[2].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@counter8.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@counter8.sextracker[2].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@counter9.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@counter9.sextracker[2].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@sextracker[2].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@sextracker[4].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Program Files\SpyHunter\Backup\nikos alexiadis@counter11.sextracker[1].txt.bak -> TrackingCookie.Sextracker : Cleaned.
C:\Program Files\SpyHunter\Backup\nikos alexiadis@counter13.sextracker[2].txt.bak -> TrackingCookie.Sextracker : Cleaned.
C:\Program Files\SpyHunter\Backup\nikos alexiadis@counter15.sextracker[1].txt.bak -> TrackingCookie.Sextracker : Cleaned.
C:\Program Files\SpyHunter\Backup\nikos alexiadis@counter16.sextracker[1].txt.bak -> TrackingCookie.Sextracker : Cleaned.
C:\Program Files\SpyHunter\Backup\nikos alexiadis@counter2.sextracker[1].txt.bak -> TrackingCookie.Sextracker : Cleaned.
C:\Program Files\SpyHunter\Backup\nikos alexiadis@counter3.sextracker[1].txt.bak -> TrackingCookie.Sextracker : Cleaned.
C:\Program Files\SpyHunter\Backup\nikos alexiadis@counter5.sextracker[1].txt.bak -> TrackingCookie.Sextracker : Cleaned.
C:\Program Files\SpyHunter\Backup\nikos alexiadis@sextracker[1].txt.bak -> TrackingCookie.Sextracker : Cleaned.
:mozilla.556:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.698:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.709:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.710:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.961:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.160:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.161:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.162:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.163:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.164:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.165:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.166:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.167:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.168:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.169:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.170:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.171:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.172:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.173:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.174:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.175:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.176:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.177:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.148:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.149:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.150:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.560:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned.
:mozilla.378:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.379:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.380:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.446:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.447:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.547:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Trafic : Cleaned.
:mozilla.147:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.478:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.256:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\LocalService\Cookies\nikos alexiadis@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@xxxcounter[1].txt -> TrackingCookie.Xxxcounter : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@xxxcounter[2].txt -> TrackingCookie.Xxxcounter : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@xxxcounter[4].txt -> TrackingCookie.Xxxcounter : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@xxxtoolbar[1].txt -> TrackingCookie.Xxxtoolbar : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@xxxtoolbar[2].txt -> TrackingCookie.Xxxtoolbar : Cleaned.
:mozilla.567:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.234:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.235:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.237:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@ad.yieldmanager[3].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.11:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\xgp0haq3.Default User\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.12:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\xgp0haq3.Default User\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.13:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\xgp0haq3.Default User\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.244:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.245:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.246:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@c4.zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@c4.zedo[3].txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Nikos Alexiadis\Cookies\nikos alexiadis@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta\{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} -> Trojan.Zapchast : Cleaned with backup (quarantined).
::Report end
Again...thank you for your help!
Bod99
561 Posts
0
July 22nd, 2006 21:00
Hi Nikos,
Thanks for the logs.
As you'll appreciate, it's going to take me a little while to go through them all and make sure nothing is being missed.
In the mean time please post me the list of programs on the Add / Remove list, as follows:-
Run Hijack This, click Config.. > Misc Tools > Open Uninstall Manager > Save list.. and save the file to your desktop.
Please post the contents of the list as your next reply.
Once I've gone through all the logs and I have the uninstall list, I'll get back to you with any more steps necessary to completely clean your pc.
Don't worry about SP2 yet, we'll come to that when the pc is definitely clean.
Thanks,
Bod
NikosAlfa147
113 Posts
0
July 23rd, 2006 08:00
Good luck with these long lists!
Thank you very much for you help again!!!
Adobe Acrobat 5.0
Adobe Download Manager 2.0 (Remove Only)
Adobe Photoshop CS
Adobe Reader 7.0.8
Agere Systems AC'97 Modem
AnalogX Proxy
ASUS Wireless AP Utilities
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Audio Conversion Wizard 1.4
AVS Audio Tools version 3.3
BCM Wireless Network Adapter
DC++ 0.691
DivX Player
DivX Pro Codec
DVD SΗrink 3.2
eMule
ewido anti-spyware 4.0
Google Earth
Google Gmail Notifier
Google Video Player
HijackThis 1.99.1
iTunes
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_01
Kazaa Lite K++ v2.4.3
Launch Manager
LimeWire 4.10.9
Macrogaming SweetIM 1.1a
Macromedia Flash Player 8
Macromedia Shockwave Player
McAfee Uninstall Wizard
Messenger Plus! 3
Microsoft AntiSpyware
Microsoft Office FrontPage 2003
Microsoft Office Professional Edition 2003
Mozilla Firefox (1.5.0.4)
MP3 Workshop XP 1.6
m-Router 3.1
MS Access 97 SP2
MSN Music Assistant
MyAlbum version 2.4
Nero 6 Ultra Edition
Nokia Connectivity Cable Driver
Nokia PC Suite
NTI CD & DVD-Maker 6.5 Gold
PowerDVD
QuickTime
Realtek AC'97 Audio
Record-Anything v2.7 Trial Edition
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905495)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Sonic Foundry Sound Forge 6.0
SPSS 13.0 for Windows
Synaptics Pointing Device Driver
Ulead VideoStudio 6
Update for Windows XP (KB835409)
Update for Windows XP (KB898461)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Virtual DJ - Atomix Productions
WhiteCap
WIDCOMM Bluetooth Software
Windows Driver Package - MSN (usbccgp) USB (04/19/2006 1.1.0.2)
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB824146
Windows XP Hotfix - KB833407
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB842773
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB911567
Windows XP Hotfix - KB916281
Windows XP Hotfix - KB918439
WinRAR archiver
WLAN 802.11g mini-PCI Module
XviD MPEG-4 Video Codec
XviD Video Codec 04102002-1 (Koepi's build with EPSZ ME)
Thank you...
Nikos
Bod99
561 Posts
0
July 24th, 2006 09:00
Hi Nikos,
Thanks for the uninstall list. Sorry it's taken me a while to get back to you.
I now have some more instructions for you to follow.
Before you start, please read through these instructions and make sure that you understand them.
If you are not sure about anything, post a reply in this thread with your questions.
Please follow and carry out all the steps in the instructions in the order I've listed them.
Step 1
Download FixWareout from http://downloads.subratam.org/Fixwareout.exe or http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe
Save to your desktop and run it. Click Next > Install, then make sure "Run fixit" is checked and click Finish.
The fix will begin, follow the prompts and reboot when instructed. Your system may take longer than usual to load, this is normal.
At the end of the fix, you may need to reboot again.
A logfile C:\fixwareout\report.txt will be created. I'll need a copy of this as part of yor next post.
Step 2
This step is based on the presumption that your ISP is Hellas On Line. If this is not the case, don't carry out this step and let me know.
Click Start > Control Panel. If you are using Windows XP's Category View, select Network and Internet Connections category otherwise double click on Network Connections.
Right click on your default connection, usually local area connection for cable and dsl (or possibly wireless connection on a laptop), and left click on properties. Click the Networking tab. Double-click on the Internet Protocol (TCP/IP) item and check that 194.30.220.114 and 194.30.220.117 are listed as your Preferred and Alternate DNS server. Change the values entered to these if necessary.
Click OK > OK to close the properties screen and reboot if instructed.
Step 3
Click Start > Run and type cmd in the Open field, then click OK
type ipconfig /flushdns then press enter key, type exit then press enter key
Note: the space between g and / is needed
Step 4
Messenger Plus brings the LOP infection with it, so we need to remove it.
Click Start > Control Panel > Add/Remove Programs.
Allow the list to populate, then click on "Remove" for the following program that may appear in the list.
MessengerPlus3
The "Messenger Plus! - Setup" screen is now displayed. Click "Uninstall". Note: options displayed on the first screen are not related to the sponsor program.
The sponsor screen is now displayed (if you don't see it, search for it in your Task Bar). To prove that someone is currently reading the screen, you have to type the code that is displayed. Once you enter the code, click "Uninstall".
If you entered the code properly, the program will ask you to confirm that you want to uninstall. You must answer "Yes" to this question, else, you won't have another chance of uninstalling.
To complete the uninstallation, follow the instructions that are displayed (the first one is to close all your Internet Explorer windows, that's very important).
When everything is complete, reboot.
Step 5 - Java Update - This is essential, earlier versions of Java can be exploited
Go to http://java.sun.com/j2se/1.5.0/download.jsp and download and install JRE 5.0 Update 7.
Click the link "Download JRE 5.0 Update 7". You will then need to select "Accept License Agreement" and click "Continue". Then click the link "Windows Offline Installation, Multi-language", and save it to your Desktop.
Then go back to your Desktop and double click "jre-1_5_0_07-windows-i586-p.exe" to start the install.
Once you have it installed, Click Start > Control Panel > Add/Remove Programs.
Allow the list to populate, then click on "Remove" for "J2SE Runtime Environment 5.0 Update 6 and Java 2 Runtime Environment, SE v1.4.2_01".
Step 6
Run Hijack This, "Scan" and post the log, together with the fixwareout log, as a reply to this thread. I'll check it through, and get back to you with what to do next.
Thanks,
Bod
NikosAlfa147
113 Posts
0
July 24th, 2006 13:00
Here's the FixWareout scan...
Fixwareout ver 1.003
Last edited 07/1/2006
Post this report in the forums please
Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\pgtshlld
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\nidnsdr
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\23naelch
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\aplnsftn
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\23rtcdaol
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\znxmd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\pgtshlld
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\gib_ogol
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\nidnsdr
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\23naelch
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ytpme
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\23lserspg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\aplnsftn
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\23rtcdaol
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\putesprpgd
...
Microsoft (R) Windows Script Host Version 5.6
Random Runs removed from HKLM
...
PLEASE NOTE, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Example ipsec6.exe is legitimate
»»»»» Search by size and names...
»»»»» Misc files
»»»»» Checking for older varients covered by the Rem3 tool
»»»»»
Search five digit cs, dm and jb files
This WILL/CAN also list Legit Files, Submit them at Virustotal
Other suspects
Directory of C:\WINDOWS\system32
And the HJT scan...
Logfile of HijackThis v1.99.1
Scan saved at 17:04:09, on 24-Jul-06
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\WINDOWS\System32\WgaTray.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\LAUNCH~1\QtZiAcer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\HJT\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ferrariworld.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = turbo.hol.gr:3128
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZiAcer.EXE
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [\\Plato\EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P34 "\\Plato\EPSON Stylus CX3600 Series" /O6 "USB002" /M "Stylus CX3600"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX3600 Series on VASSILISLAPTOP] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P49 "Auto EPSON Stylus CX3600 Series on VASSILISLAPTOP" /O22 "\\VASSILISLAPTOP\EPSON" /M "Stylus CX3600"
O4 - HKLM\..\Run: [\\VASSILISLAPTOP\EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P43 "\\VASSILISLAPTOP\EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX3600 Series on DESKTOP] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P42 "Auto EPSON Stylus CX3600 Series on DESKTOP" /O15 "\\DESKTOP\EPSON" /M "Stylus CX3600"
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [\\Desktop\EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P36 "\\Desktop\EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by21fd.bay21.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{147DDB66-960F-4CCE-8F3A-5C2FEA83F58D}: NameServer = 194.30.220.114,194.30.220.117
O17 - HKLM\System\CCS\Services\Tcpip\..\{664A9738-1888-4E74-AA9E-4A5C1B595F34}: NameServer = 194.30.220.114,194.30.220.117
O17 - HKLM\System\CS1\Services\Tcpip\..\{147DDB66-960F-4CCE-8F3A-5C2FEA83F58D}: NameServer = 194.30.220.114,194.30.220.117
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
I'll be waiting for your coments.
Thank your for your help!
Nikos
Bod99
561 Posts
0
July 24th, 2006 16:00
Hi Nikos,
Thanks for the logs.
It's hard to keep track with the changes to the Messenger Plus program, but it looks as though you've uninstalled it OK.
The new Hijack This log is clean.
Before we discuss installation of SP2, I'd like you to carry out a couple more scans to make sure the pc is clean. As I mentioned in an earlier post, if your pc isn't clean when you install SP2 then you can have problems.
Please read through these instructions and make sure that you understand them.
If you are not sure about anything, post a reply in this thread with your questions.
You will be booting into Safe Mode at some point in these instructions, so you should print out these instructions for reference. You will not have internet access in Safe Mode.
Please follow and carry out all the steps in the instructions in the order I've listed them.
Step 1
Download ATF Cleaner from http://www.atribune.org/ccount/click.php?id=1
Run ATF Cleaner. Click on the check box to select the following options:
Windows Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Recycle Bin
Click "Empty Selected". Exit when finished.
Step 2
Run Ewido and allow it to automatically update, a toolbar message balloon will confirm that update is complete. If this doesn't happen, click Update > Start Update.
Close Ewido.
Re-boot in Safe Mode by pressing F8 during Boot-up and choosing Safe Mode from the boot options list.
Run Ewido again, click Scanner > Complete System Scan.
At the end of the scan, a list of found objects will be generated. Check through the list for false positives, and change the "Action" entry if necessary.
Click "Apply all actions"
When the actions have been completed, click Save Report > Save report as, and save report as a text file on your desktop. I will need a copy of the report contents as part of your next post. This should be much shorter this time!
Reboot as normal.
Step 3
Do an online scan with Kaspersky WebScanner at http://www.kaspersky.com/virusscanner
Click on Kaspersky Online Scanner
You will be promted to install an ActiveX component from Kaspersky, Click "Yes".
The program will launch and then begin downloading the latest definition files.
Once the files have been downloaded click on "NEXT"
Now click on "Scan Settings"
In the scan settings, make sure that the following are selected:
"Scan using the following Anti-Virus database:"
Extended (if available otherwise Standard)
"Scan Options:"
Scan Archives
Scan Mail Bases
Click "OK"
Now under "select a target to scan:" Select "My Computer"
This will program will start and scan your system. The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected. Click on "Save as Text" and save the file to your desktop.
Post the Ewido and KAV scan logs as your next reply. I'll check it through, and get back to you.
Thanks,
Bod
NikosAlfa147
113 Posts
0
July 25th, 2006 17:00
In case I install SP2 when you advise me so...is the process revirsable? Can it be removed by let's say...System Restore?
Here's the logs you requested...
Karpersky Scan...
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, July 25, 2006 21:25:35
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 25/07/2006
Kaspersky Anti-Virus database records: 209786
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
F:\
Scan Statistics:
Total number of scanned objects: 76802
Number of viruses found: 0
Number of infected objects: 0 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:30:54
Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee.com\VSO\OASLogs\OAS.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\Logs\TaskScheduler\McTskshd002.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Logs\Filtering.log Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Nikos Alexiadis\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Nikos Alexiadis\Local Settings\Temp\~DF4B28.tmp Object is locked skipped
C:\Documents and Settings\Nikos Alexiadis\Local Settings\Temp\~DF6FD2.tmp Object is locked skipped
C:\Documents and Settings\Nikos Alexiadis\Local Settings\Temp\~DFFAD5.tmp Object is locked skipped
C:\Documents and Settings\Nikos Alexiadis\Local Settings\Temp\~DFFC9F.tmp Object is locked skipped
C:\Documents and Settings\Nikos Alexiadis\Local Settings\Temp\~DF1BF3.tmp Object is locked skipped
C:\Documents and Settings\Nikos Alexiadis\Local Settings\Temp\~DF1C38.tmp Object is locked skipped
C:\Documents and Settings\Nikos Alexiadis\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Nikos Alexiadis\Local Settings\History\History.IE5\MSHist012006072520060726\index.dat Object is locked skipped
C:\Documents and Settings\Nikos Alexiadis\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Nikos Alexiadis\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Nikos Alexiadis\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Nikos Alexiadis\Local Settings\Application Data\Microsoft\Windows Live Contacts\nikosalexiadis@hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\Nikos Alexiadis\Local Settings\Application Data\Microsoft\Windows Live Contacts\nikosalexiadis@hotmail.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Nikos Alexiadis\Local Settings\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Nikos Alexiadis\Local Settings\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Nikos Alexiadis\Local Settings\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Nikos Alexiadis\Local Settings\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Nikos Alexiadis\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\history.dat Object is locked skipped
C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\parent.lock Object is locked skipped
C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cert8.db Object is locked skipped
C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\key3.db Object is locked skipped
C:\Documents and Settings\Nikos Alexiadis\ntuser.dat Object is locked skipped
C:\System Volume Information\_restore{74A9FCD9-B74E-4264-890A-B203AA302CB0}\RP378\change.log Object is locked skipped
Scan process completed.
And EWIDO scan...
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 18:21:10 25-Jul-06
+ Scan result:
C:\Documents and Settings\Nikos Alexiadis\My Documents\Programs\Messenger Plus! - Setup.exe/sponsor.exe -> Downloader.Swizzor.ag : No action taken.
:mozilla.38:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.39:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.40:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.41:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.42:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.51:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.73:C:\Documents and Settings\Nikos Alexiadis\Application Data\Mozilla\Firefox\Profiles\n4a63x9w.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
::Report end
Note that that Downloader.Swizzor.ag is still in. I accedently skipped it. Now, however, I removed it!
Here's the report from that...
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 21:37:12 25-Jul-06
+ Scan result:
C:\Documents and Settings\Nikos Alexiadis\My Documents\Programs\Messenger Plus! - Setup.exe/sponsor.exe -> Downloader.Swizzor.ag : Cleaned.
::Report end
So it looks that is all clean!