
HELP Smithfraud core

Original Message
Name: jumpinjohn
Date: May 10, 2007 at 13:53:51 Pacific
Subject: HELP Smithfraud core
OS: Win XP SP2
CPU/Ram: AMD 3200/1024
Comment:
I'm getting many popups, need help to remove. Some pop up in new IE windows, some in what appears to be a mini-browser

Ran AVG antivirus-nothing found.
Ran ad-aware
Ran Spy-bot Found Smithfraud-c Core service 4 entries

3 could not be removed, in-use
dl'ed hijack this, but don't know what to do next.




Response Number 1
Name: jabuck
Date: May 10, 2007 at 14:09:28 Pacific
Subject: HELP Smithfraud core
Reply:
Post your Hijack This log.

Please download SmitFraudFix from this link http://siri.urz.free.fr/Fix/Smitfra... Then extract the contents to your desktop.

!!!! Only run option #1 as running the other options on an uninfected computer will damage the desktop.!!!!


Open the "SmitfraudFix" folder and double-click "smitfraudfix.cmd"
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.



Response Number 2
Name: jumpinjohn
Date: May 10, 2007 at 14:15:38 Pacific
Subject: HELP Smithfraud core
Reply:
Thank You for the quick reply.
Logfile of HijackThis v1.99.1
Scan saved at 5:11:30 PM, on 5/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rsvp.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\QuickTime\QuickTimePlayer.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.netzero.net/s/sp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FOR...
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [UPSMON] C:\Program Files\Energizer FileSaver\UPSMON.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [Auto EPSON Stylus CX3800 Series on ACER-LAPTOP] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P46 "Auto EPSON Stylus CX3800 Series on ACER-LAPTOP" /O21 "\\ACER-LAPTOP\Printer" /M "Stylus CX3800"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Auto EPSON Stylus CX3800 Series on ACER-LAPTOP] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P46 "Auto EPSON Stylus CX3800 Series on ACER-LAPTOP" /M "Stylus CX3800" /EF "HKCU"
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /FU "C:\WINDOWS\TEMP\E_S233.tmp" /EF "HKCU"
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {30CADB40-6FD7-433F-BF0D-4827CA7B5BDF} (FavImport Class) - https://favorites.live.com/cab/ImportAx.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/c...
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/re...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/g...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

=============================================
SmitFraudFix v2.179

Scan done at 17:13:43.92, Thu 05/10/2007
Run from C:\Documents and Settings\John S\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rsvp.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\QuickTime\QuickTimePlayer.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\John S


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\John S\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\JOHNS~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: NVIDIA nForce Networking Controller - Packet Scheduler Miniport
DNS Server Search Order: 68.87.74.162
DNS Server Search Order: 68.87.68.162

HKLM\SYSTEM\CCS\Services\Tcpip\..\{DAABEF24-24A3-49E8-B223-DDAE958BE4A0}: DhcpNameServer=68.87.74.162 68.87.68.162
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DAABEF24-24A3-49E8-B223-DDAE958BE4A0}: DhcpNameServer=68.87.74.162 68.87.68.162
HKLM\SYSTEM\CS2\Services\Tcpip\..\{DAABEF24-24A3-49E8-B223-DDAE958BE4A0}: DhcpNameServer=68.87.74.162 68.87.68.162
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.87.74.162 68.87.68.162
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.87.74.162 68.87.68.162
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=68.87.74.162 68.87.68.162


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End




Response Number 3
Name: jabuck
Date: May 10, 2007 at 14:55:15 Pacific
Subject: HELP Smithfraud core
Reply:
Please download ComboFix to the desktop from this link:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)

Please post the log it produces.



Response Number 4
Name: jumpinjohn
Date: May 10, 2007 at 15:42:10 Pacific
Subject: HELP Smithfraud core
Reply:
"John S" - 2007-05-10 18:21:33 Service Pack 2
ComboFix 07-05.09.V - Running from: "C:\Documents and Settings\John S\Desktop\New Installs\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\xloadnet
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\drivers\sfsync02.sys
C:\WINDOWS\system32\drivers\sfsync03.sys
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\C\DOCUME~1
C:\qoobox\purity\C\DOCUME~1\JOHNS~1
C:\qoobox\purity\C\DOCUME~1\JOHNS~1\MYDOCU~1
C:\qoobox\purity\C\DOCUME~1\JOHNS~1\MYDOCU~1\CURITY~1


((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CORE
-------\LEGACY_SFSYNC02
-------\LEGACY_SFSYNC03
-------\core
-------\sfsync02
-------\sfsync03


((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-10 ))))))))))))))))))))))))))))))))))


2007-05-10 18:22 0 --a------ C:\WINDOWS\system32\sfsync03.dll
2007-05-10 18:22 0 --a------ C:\WINDOWS\system32\sfsync02.dll
2007-05-10 17:07 <DIR> d-------- C:\DOCUME~1\JOHNS~1\APPLIC~1\MSNInstaller
2007-05-10 11:46 1 --a------ C:\WINDOWS\system32\sav950231.sys
2007-05-10 00:32 3,578 --a------ C:\WINDOWS\system32\tmp.reg
2007-05-10 00:30 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-05-10 00:30 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-05-10 00:30 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-05-09 21:19 1 --a------ C:\WINDOWS\system32\sav970451.sys
2007-05-09 21:19 1 --a------ C:\WINDOWS\system32\sav80231.sys
2007-05-09 21:18 1 --a------ C:\WINDOWS\system32\sav87312.sys
2007-05-09 21:18 <DIR> d-------- C:\Temp\tn3
2007-05-09 21:17 85,960 --a------ C:\WINDOWS\system32\update.exe
2007-05-09 21:17 5,836,800 --a------ C:\WINDOWS\system32\3D Supernova.scr
2007-05-09 21:17 5,570,560 --a------ C:\WINDOWS\system32\3D Galaxy Journey.scr
2007-05-09 21:17 4,014,080 --a------ C:\WINDOWS\system32\3D Interstellar Voyager.scr
2007-05-09 21:17 3,878,912 --a------ C:\WINDOWS\system32\3D Solar Traveler.scr
2007-05-09 21:17 291,776 --a------ C:\WINDOWS\system32\DealioKit97-stub-0.exe
2007-05-09 21:17 2,226,176 --a------ C:\WINDOWS\system32\3D Solar System.scr
2007-05-09 21:17 <DIR> d-------- C:\Program Files\Dealio
2007-05-09 21:17 <DIR> d-------- C:\Program Files\3Deep Space
2007-05-06 14:29 <DIR> d-------- C:\DOCUME~1\JOHNS~1\APPLIC~1\Media Player Classic
2007-05-06 11:25 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-05-06 11:25 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-05-06 11:25 639,066 --a------ C:\WINDOWS\system32\divx.dll
2007-05-06 11:25 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-05-06 11:25 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-05-06 11:25 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-05-06 11:25 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-05-06 11:25 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-05-06 11:25 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-05-06 11:25 1,565,480 --a------ C:\WINDOWS\system32\wmv9vcm.dll
2007-05-06 11:25 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-05-06 11:25 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2007-05-06 00:12 278,016 --a------ C:\WINDOWS\system32\vct3216.dll
2007-05-06 00:07 <DIR> d-------- C:\Temp
2007-05-05 21:31 <DIR> d-------- C:\Program Files\Apple Software Update
2007-05-03 23:34 <DIR> d-------- C:\DOCUME~1\JOHNS~1\APPLIC~1\Azureus
2007-05-03 23:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
2007-04-23 13:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\EPSON
2007-04-23 13:42 76,800 --a------ C:\WINDOWS\system32\E_FLBACA.DLL
2007-04-23 13:42 62,976 --a------ C:\WINDOWS\system32\E_FD4BACA.DLL
2007-04-23 12:30 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2007-04-23 12:29 <DIR> d-------- C:\Program Files\MSBuild
2007-04-23 12:29 <DIR> d-------- C:\Program Files\Microsoft Works
2007-04-23 12:26 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-04-23 12:25 <DIR> dr-h----- C:\MSOCache
2007-04-23 12:25 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
2007-04-21 00:46 <DIR> d-------- C:\Program Files\Diskeeper Corporation
2007-04-20 23:32 <DIR> d-------- C:\DOCUME~1\JOHNS~1\APPLIC~1\WinPatrol
2007-04-20 23:29 <DIR> d-------- C:\Program Files\BillP Studios
2007-04-20 17:33 <DIR> d-------- C:\WINDOWS\pss
2007-04-20 13:13 <DIR> d-------- C:\Program Files\Windows Defender
2007-04-18 23:25 <DIR> d-------- C:\DOCUME~1\JOHNS~1\APPLIC~1\ErrorProtector Free
2007-04-18 23:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ErrorProtector Free
2007-04-17 11:32 94,208 --a------ C:\WINDOWS\Dream Aquarium.scr
2007-04-17 11:32 <DIR> d-------- C:\Program Files\Dream Aquarium
2007-04-15 23:44 33,952 --a------ C:\WINDOWS\system32\drivers\oreans32.sys
2007-04-15 14:52 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-04-15 14:52 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-04-15 14:52 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-04-15 14:52 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-04-15 14:52 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-04-15 14:52 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-04-15 14:52 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-04-15 14:52 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-04-15 14:52 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-04-14 02:05 99,904 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-04-14 02:05 63,040 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-04-14 02:05 22,584 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-04-13 15:15 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2007-04-13 15:15 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-04-13 14:04 96,256 --a------ C:\WINDOWS\system32\drivers\sptd9805.sys
2007-04-13 14:04 643,072 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-04-13 00:27 164,992 --a------ C:\WINDOWS\system32\drivers\athsgt.sys
2007-04-13 00:27 12,544 --a------ C:\WINDOWS\system32\drivers\limsgt.sys
2007-04-12 18:40 <DIR> d-------- C:\DOCUME~1\JOHNS~1\.jpi_cache
2007-04-12 14:01 61,598 --a------ C:\WINDOWS\system32\E_SL2352.DLL
2007-04-12 14:01 34,304 --a------ C:\WINDOWS\system32\EBPCHP.DLL
2007-04-12 14:01 32,768 --a------ C:\WINDOWS\system32\ECBTEG.DLL
2007-04-12 14:01 145 --a------ C:\WINDOWS\system32\EBPPORT.DAT
2007-04-12 13:59 <DIR> d-------- C:\epson
2007-04-12 13:04 <DIR> d-------- C:\WINDOWS\system32\Parsons
2007-04-12 13:04 <DIR> d-------- C:\WINDOWS\lhsp
2007-04-12 13:03 <DIR> d-------- C:\WINDOWS\Bbstore
2007-04-12 13:03 <DIR> d-------- C:\Program Files\Quicken Legal Products
2007-04-11 01:27 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2007-04-10 16:07 <DIR> d-------- C:\DOCUME~1\JOHNS~1\APPLIC~1\Talkback
2007-04-10 16:06 <DIR> d-------- C:\Program Files\Mozilla Thunderbird
2007-04-10 16:06 <DIR> d-------- C:\DOCUME~1\JOHNS~1\APPLIC~1\Thunderbird
2007-04-10 16:05 <DIR> d-------- C:\Program Files\EmailStripper


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-10 12:09:53 -------- d-----w C:\Program Files\AVG Free
2007-05-10 12:09:40 -------- d-----w C:\Program Files\Energizer FileSaver
2007-05-08 23:55:45 -------- d-----w C:\DOCUME~1\JOHNS~1\APPLIC~1\BitTorrent
2007-05-06 01:31:59 -------- d-----w C:\Program Files\QuickTime
2007-05-02 00:27:09 -------- d-----w C:\Program Files\FileSmile
2007-05-01 15:05:49 20 ----a-w C:\WINDOWS\system32\msdtec.dll
2007-04-24 15:26:20 -------- d-----w C:\DOCUME~1\JOHNS~1\APPLIC~1\Roxio
2007-04-22 19:05:37 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-03-21 15:45:05 -------- d-----w C:\Program Files\Windows Live Safety Center
2007-03-21 13:45:53 -------- d-----w C:\DOCUME~1\JOHNS~1\APPLIC~1\AdobeUM
2007-03-18 20:15:28 -------- d-----w C:\Program Files\DV 4500
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-16 04:33:24 -------- d-----w C:\Program Files\BitTorrent
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-02-25 02:10:31 3,772 ----a-w C:\WINDOWS\mozver.dat
2007-02-05 20:17:02 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{53707962-6F74-2D53-2644-206D7942484F}"="C:\Program Files\Spybot - Search & Destroy\SDHelper.dll"
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"="C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll"
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"="C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll"
"{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"="C:\Program Files\Windows Live Toolbar\msntb.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AVG7_CC"="C:\\PROGRA~1\\AVGFRE~1\\avgcc.exe /STARTUP"
"UPSMON"="C:\\Program Files\\Energizer FileSaver\\UPSMON.exe"
"CoolSwitch"="C:\\WINDOWS\\system32\\taskswitch.exe"
"Auto EPSON Stylus CX3800 Series on ACER-LAPTOP"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIACA.EXE /P46 \"Auto EPSON Stylus CX3800 Series on ACER-LAPTOP\" /O21 \"\\\\ACER-LAPTOP\\Printer\" /M \"Stylus CX3800\""
"zBrowser Launcher"="C:\\Program Files\\Logitech\\iTouch\\iTouch.exe"
"Logitech Utility"="Logi_MwX.Exe"
"CTStartup"="C:\\Program Files\\Creative\\SBAudigy\\Program\\CTEaxSpl.EXE /run"
"CTHelper"="CTHELPER.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"ElbyCheckElbyCDFL"="\"C:\\Program Files\\Elaborate Bytes\\CloneCD\\ElbyCheck.exe\" /L ElbyCDFL"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"WinPatrol"="C:\\Program Files\\BillP Studios\\WinPatrol\\winpatrol.exe"
"DiskeeperSystray"="\"C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Auto EPSON Stylus CX3800 Series on ACER-LAPTOP"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIACA.EXE /P46 \"Auto EPSON Stylus CX3800 Series on ACER-LAPTOP\" /M \"Stylus CX3800\" /EF \"HKCU\""
"Start WingMan Profiler"="\"C:\\Program Files\\Logitech\\Profiler\\lwemon.exe\" /noui"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Active Desktop Calendar"="C:\\Program Files\\XemiComputers\\Active Desktop Calendar\\ADC.exe"
"EPSON Stylus CX3800 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIACA.EXE /FU \"C:\\WINDOWS\\TEMP\\E_S233.tmp\" /EF \"HKCU\""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\easytunev
C:\Program Files\Gigabyte\ET5\GUI.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\efax 4.2
"C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe" /R

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jet detection
C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz
nwiz.exe /install

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\quicktime task
"C:\Program Files\QuickTime\qttask.exe" -atboottime

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\roxiodragtodisc
"C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sunjavaupdatesched
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updatemgr
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updreg
C:\WINDOWS\Updreg.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xloadnet
"C:\Program Files\xloadnet\xloadnet.exe"


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter HTTPFilter\0\0
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
DcomLaunch DcomLaunch\0TermService\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0
WudfServiceGroup WUDFSvc\0\0

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-10 18:29:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 2007-05-10 18:30:29 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-10 18:30
C:\ComboFix2.txt ... 2007-05-09 22:01
C:\ComboFix3.txt ... 2007-04-22 16:39



Response Number 5
Name: jabuck
Date: May 10, 2007 at 16:53:07 Pacific
Subject: HELP Smithfraud core
Reply:
Please download ATF-Cleaner to your desktop from this link
http://www.atribune.org/content/view/19/2/ We will need it later in safe mode.

Download and install AVG Anti-Spyware. We will need this later in safe mode.

Be sure to update AVG Anti-Spyware.

Download Killbox to your desktop from this link Killbox by Option^Explicit. If you already have "Killbox", update to this newer version. We will need it later in safe mode.

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore">apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.

Next, please reboot your computer in Safe Mode by doing the following :

Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;

Instead of Windows loading as normal, a menu with options should appear;

Select the first option, to run Windows in Safe Mode, then press "Enter".

Choose your usual account.

Run Hijack This from safe mode, close all windows except Hijack This, place a check to the left of the following items and press "fix checked":

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Exit Hijack This but remain in safe mode.

Run Killbox from safe mode. Please double-click Killbox.exe to run it.
Select:
Delete on Reboot
then Click on the All Files button.
Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\WINDOWS\system32\sfsync03.dll

C:\WINDOWS\system32\sfsync02.dll

C:\WINDOWS\system32\sav950231.sys

C:\WINDOWS\system32\tmp.reg

C:\WINDOWS\system32\sav970451.sys

C:\WINDOWS\system32\sav80231.sys

C:\WINDOWS\system32\sav87312.sys

C:\Temp\tn3

Return to Killbox, go to the File menu, and choose Paste from Clipboard.


Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let us know if you receive this message!).

If your computer does not restart automatically, please restart it manually.

Next, navigate to and delete these folders if found:

C:\qoobox

Run ATF-Cleaner from safe mode. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

In Safe Mode, run AVG Anti-spyware and click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.

AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.

Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).

Reboot to normal mode.

Open notepad (Start Menu > Run > type notepad and press "ok").

Copy and paste everything between the x's into notepad, making REGEDIT4 the top line.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xloadnet]

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Go to File on the top bar and choose "Save As". Change the "Save As Type" to All Files, name it Fix.reg, then save it to your desktop.

Double click Fix.reg (or right click and choose Merge) and it will ask if you want to merge the contents into the registry, choose Yes.

Post the AVG AntiSpyware report please and a new combofix log.
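
The Fix.reg step above merges a file whose [-KEY] line deletes a registry key and everything under it. As an added example (not part of the original post), the Python below lists the operations a .reg file requests and flags any that fall outside an expected scope before it is merged; SCOPE, CONSTRUCTED_FIX and the ExampleVendor keys are assumptions made up for the illustration.

```python
import re
from dataclasses import dataclass

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
# A value line is @=... (default value) or "name"=..., with \" and \\ escapes in the name.
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')


@dataclass(frozen=True)
class RegOp:
    action: str      # "delete_key", "delete_value" or "set_value"
    key: str
    name: str = ""   # value name; "@" is the key's default value
    data: str = ""   # raw right-hand side for set_value


def _logical_lines(text):
    """Yield non-empty, non-comment lines, joining trailing-backslash continuations."""
    pending = ""
    for raw in text.lstrip("\ufeff").splitlines():
        line = raw.strip()
        if pending:
            line, pending = pending + line, ""
        elif not line or line.startswith(";"):
            continue
        if line.endswith("\\"):      # wrapped hex: data continues on the next line
            pending = line[:-1]
            continue
        yield line
    if pending:
        yield pending


def _unquote(name):
    return "@" if name == "@" else re.sub(r"\\(.)", r"\1", name[1:-1])


def parse_reg(text):
    """Return the operations a .reg file requests, in file order."""
    lines = list(_logical_lines(text))
    if not lines or lines[0] not in HEADERS:
        raise ValueError("missing REGEDIT4 / Windows Registry Editor header")
    ops, key = [], None
    for line in lines[1:]:
        if line.startswith("[") and line.endswith("]"):
            body = line[1:-1].strip()
            if body.startswith("-"):          # [-KEY] removes the key and its subkeys
                key = body[1:].strip()
                ops.append(RegOp("delete_key", key))
            else:
                key = body
            continue
        m = VALUE_RE.match(line)
        if m is None or key is None:
            raise ValueError(f"unparseable line: {line!r}")
        name, rhs = _unquote(m.group(1)), m.group(2).strip()
        if rhs == "-":                        # "name"=- removes a single value
            ops.append(RegOp("delete_value", key, name))
        else:
            ops.append(RegOp("set_value", key, name, rhs))
    return ops


def outside_scope(ops, allowed_prefixes):
    """Ops whose key is not under an allowed prefix (registry paths are case-insensitive)."""
    allowed = [p.rstrip("\\").lower() + "\\" for p in allowed_prefixes]
    return [op for op in ops
            if not any((op.key.lower() + "\\").startswith(p) for p in allowed)]


# The Fix.reg content exactly as posted in the thread.
PAGE_FIX = r"""REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xloadnet]
"""

# Constructed sample (not from the thread): the same fix with unrelated changes mixed in.
CONSTRUCTED_FIX = r"""Windows Registry Editor Version 5.00

; constructed sample
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\xloadnet]

[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\ExampleApp]
"Enabled"=dword:00000000
"OldSetting"=-
"Blob"=hex:01,02,\
  03,04

[-HKEY_CURRENT_USER\Software\ExampleVendor]
"""

# Assumption: the reviewer expects the fix to touch only msconfig's startupreg entries.
SCOPE = [r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg"]

if __name__ == "__main__":
    for label, text in (("page", PAGE_FIX), ("constructed", CONSTRUCTED_FIX)):
        ops = parse_reg(text)
        print(label, "requests", len(ops), "operation(s)")
        for op in outside_scope(ops, SCOPE):
            print("  outside expected scope:", op.action, op.key, op.name)
```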




Response Number 6
Name: jumpinjohn
Date: May 10, 2007 at 19:14:48 Pacific
Subject: HELP Smithfraud core
Reply:

AVG Anti-Spyware - Scan Report


+ Created at: 10:01:18 PM 5/10/2007

+ Scan result:

C:\Program Files\DAEMON Tools\SetupDTSB.exe -> Adware.SaveNow : Cleaned.
C:\WINDOWS\system32\update.exe -> Trojan.Agent : Cleaned.
C:\Documents and Settings\John S\Desktop\New Installs\windows crack\XP Genuine_In_5_sec_2\Windows Toolkit.zip/windowsxp_keygen.exe -> Trojan.Small.edz : Cleaned.


::Report end

__________________________________________

"John S" - 2007-05-10 22:09:51 Service Pack 2
ComboFix 07-05.09.V - Running from: "C:\Documents and Settings\John S\Desktop\New Installs\"


((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-10 ))))))))))))))))))))))))))))))))))


2007-05-10 21:01 <DIR> d-------- C:\!KillBox
2007-05-10 20:40 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-05-10 18:30 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-05-10 17:07 <DIR> d-------- C:\DOCUME~1\JOHNS~1\APPLIC~1\MSNInstaller
2007-05-10 00:30 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-05-10 00:30 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-05-10 00:30 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-05-09 21:17 5,836,800 --a------ C:\WINDOWS\system32\3D Supernova.scr
2007-05-09 21:17 5,570,560 --a------ C:\WINDOWS\system32\3D Galaxy Journey.scr
2007-05-09 21:17 4,014,080 --a------ C:\WINDOWS\system32\3D Interstellar Voyager.scr
2007-05-09 21:17 3,878,912 --a------ C:\WINDOWS\system32\3D Solar Traveler.scr
2007-05-09 21:17 291,776 --a------ C:\WINDOWS\system32\DealioKit97-stub-0.exe
2007-05-09 21:17 2,226,176 --a------ C:\WINDOWS\system32\3D Solar System.scr
2007-05-09 21:17 <DIR> d-------- C:\Program Files\Dealio
2007-05-09 21:17 <DIR> d-------- C:\Program Files\3Deep Space
2007-05-06 14:29 <DIR> d-------- C:\DOCUME~1\JOHNS~1\APPLIC~1\Media Player Classic
2007-05-06 11:25 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-05-06 11:25 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-05-06 11:25 639,066 --a------ C:\WINDOWS\system32\divx.dll
2007-05-06 11:25 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-05-06 11:25 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-05-06 11:25 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-05-06 11:25 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-05-06 11:25 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-05-06 11:25 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-05-06 11:25 1,565,480 --a------ C:\WINDOWS\system32\wmv9vcm.dll
2007-05-06 11:25 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-05-06 11:25 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2007-05-06 00:12 278,016 --a------ C:\WINDOWS\system32\vct3216.dll
2007-05-06 00:07 <DIR> d-------- C:\Temp
2007-05-05 21:31 <DIR> d-------- C:\Program Files\Apple Software Update
2007-05-03 23:34 <DIR> d-------- C:\DOCUME~1\JOHNS~1\APPLIC~1\Azureus
2007-05-03 23:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
2007-04-23 13:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\EPSON
2007-04-23 13:42 76,800 --a------ C:\WINDOWS\system32\E_FLBACA.DLL
2007-04-23 13:42 62,976 --a------ C:\WINDOWS\system32\E_FD4BACA.DLL
2007-04-23 12:30 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2007-04-23 12:29 <DIR> d-------- C:\Program Files\MSBuild
2007-04-23 12:29 <DIR> d-------- C:\Program Files\Microsoft Works
2007-04-23 12:26 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-04-23 12:25 <DIR> dr-h----- C:\MSOCache
2007-04-23 12:25 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
2007-04-21 00:46 <DIR> d-------- C:\Program Files\Diskeeper Corporation
2007-04-20 23:32 <DIR> d-------- C:\DOCUME~1\JOHNS~1\APPLIC~1\WinPatrol
2007-04-20 23:29 <DIR> d-------- C:\Program Files\BillP Studios
2007-04-20 17:33 <DIR> d-------- C:\WINDOWS\pss
2007-04-20 13:13 <DIR> d-------- C:\Program Files\Windows Defender
2007-04-18 23:25 <DIR> d-------- C:\DOCUME~1\JOHNS~1\APPLIC~1\ErrorProtector Free
2007-04-18 23:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ErrorProtector Free
2007-04-17 11:32 94,208 --a------ C:\WINDOWS\Dream Aquarium.scr
2007-04-17 11:32 <DIR> d-------- C:\Program Files\Dream Aquarium
2007-04-15 23:44 33,952 --a------ C:\WINDOWS\system32\drivers\oreans32.sys
2007-04-15 14:52 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-04-15 14:52 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-04-15 14:52 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-04-15 14:52 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-04-15 14:52 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-04-15 14:52 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-04-15 14:52 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-04-15 14:52 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-04-15 14:52 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-04-14 02:05 99,904 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-04-14 02:05 63,040 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-04-14 02:05 22,584 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-04-13 15:15 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2007-04-13 15:15 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-04-13 14:04 96,256 --a------ C:\WINDOWS\system32\drivers\sptd9805.sys
2007-04-13 14:04 643,072 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-04-13 00:27 164,992 --a------ C:\WINDOWS\system32\drivers\athsgt.sys
2007-04-13 00:27 12,544 --a------ C:\WINDOWS\system32\drivers\limsgt.sys
2007-04-12 18:40 <DIR> d-------- C:\DOCUME~1\JOHNS~1\.jpi_cache
2007-04-12 14:01 61,598 --a------ C:\WINDOWS\system32\E_SL2352.DLL
2007-04-12 14:01 34,304 --a------ C:\WINDOWS\system32\EBPCHP.DLL
2007-04-12 14:01 32,768 --a------ C:\WINDOWS\system32\ECBTEG.DLL
2007-04-12 14:01 145 --a------ C:\WINDOWS\system32\EBPPORT.DAT
2007-04-12 13:59 <DIR> d-------- C:\epson
2007-04-12 13:04 <DIR> d-------- C:\WINDOWS\system32\Parsons
2007-04-12 13:04 <DIR> d-------- C:\WINDOWS\lhsp
2007-04-12 13:03 <DIR> d-------- C:\WINDOWS\Bbstore
2007-04-12 13:03 <DIR> d-------- C:\Program Files\Quicken Legal Products
2007-04-11 01:27 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2007-04-10 16:07 <DIR> d-------- C:\DOCUME~1\JOHNS~1\APPLIC~1\Talkback
2007-04-10 16:06 <DIR> d-------- C:\Program Files\Mozilla Thunderbird
2007-04-10 16:06 <DIR> d-------- C:\DOCUME~1\JOHNS~1\APPLIC~1\Thunderbird
2007-04-10 16:05 <DIR> d-------- C:\Program Files\EmailStripper


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-11 02:03:56 -------- d-----w C:\Program Files\Energizer FileSaver
2007-05-10 12:09:53 -------- d-----w C:\Program Files\AVG Free
2007-05-08 23:55:45 -------- d-----w C:\DOCUME~1\JOHNS~1\APPLIC~1\BitTorrent
2007-05-06 01:31:59 -------- d-----w C:\Program Files\QuickTime
2007-05-02 00:27:09 -------- d-----w C:\Program Files\FileSmile
2007-05-01 15:05:49 20 ----a-w C:\WINDOWS\system32\msdtec.dll
2007-04-24 15:26:20 -------- d-----w C:\DOCUME~1\JOHNS~1\APPLIC~1\Roxio
2007-04-22 19:05:37 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-03-21 15:45:05 -------- d-----w C:\Program Files\Windows Live Safety Center
2007-03-21 13:45:53 -------- d-----w C:\DOCUME~1\JOHNS~1\APPLIC~1\AdobeUM
2007-03-18 20:15:28 -------- d-----w C:\Program Files\DV 4500
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-16 04:33:24 -------- d-----w C:\Program Files\BitTorrent
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-02-25 02:10:31 3,772 ----a-w C:\WINDOWS\mozver.dat
2007-02-05 20:17:02 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{53707962-6F74-2D53-2644-206D7942484F}"="C:\Program Files\Spybot - Search & Destroy\SDHelper.dll"
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"="C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll"
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"="C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll"
"{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"="C:\Program Files\Windows Live Toolbar\msntb.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AVG7_CC"="C:\\PROGRA~1\\AVGFRE~1\\avgcc.exe /STARTUP"
"UPSMON"="C:\\Program Files\\Energizer FileSaver\\UPSMON.exe"
"CoolSwitch"="C:\\WINDOWS\\system32\\taskswitch.exe"
"Auto EPSON Stylus CX3800 Series on ACER-LAPTOP"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIACA.EXE /P46 \"Auto EPSON Stylus CX3800 Series on ACER-LAPTOP\" /O21 \"\\\\ACER-LAPTOP\\Printer\" /M \"Stylus CX3800\""
"zBrowser Launcher"="C:\\Program Files\\Logitech\\iTouch\\iTouch.exe"
"Logitech Utility"="Logi_MwX.Exe"
"CTStartup"="C:\\Program Files\\Creative\\SBAudigy\\Program\\CTEaxSpl.EXE /run"
"CTHelper"="CTHELPER.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"ElbyCheckElbyCDFL"="\"C:\\Program Files\\Elaborate Bytes\\CloneCD\\ElbyCheck.exe\" /L ElbyCDFL"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"WinPatrol"="C:\\Program Files\\BillP Studios\\WinPatrol\\winpatrol.exe"
"DiskeeperSystray"="\"C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"!AVG Anti-Spyware"="\"e:\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Auto EPSON Stylus CX3800 Series on ACER-LAPTOP"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIACA.EXE /P46 \"Auto EPSON Stylus CX3800 Series on ACER-LAPTOP\" /M \"Stylus CX3800\" /EF \"HKCU\""
"Start WingMan Profiler"="\"C:\\Program Files\\Logitech\\Profiler\\lwemon.exe\" /noui"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Active Desktop Calendar"="C:\\Program Files\\XemiComputers\\Active Desktop Calendar\\ADC.exe"
"EPSON Stylus CX3800 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIACA.EXE /FU \"C:\\WINDOWS\\TEMP\\E_S233.tmp\" /EF \"HKCU\""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="e:\AVG Anti-Spyware 7.5\shellexecutehook.dll"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\easytunev
C:\Program Files\Gigabyte\ET5\GUI.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\efax 4.2
"C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe" /R

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jet detection
C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz
nwiz.exe /install

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\quicktime task
"C:\Program Files\QuickTime\qttask.exe" -atboottime

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\roxiodragtodisc
"C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sunjavaupdatesched
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updatemgr
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updreg
C:\WINDOWS\Updreg.exe


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter HTTPFilter\0\0
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
DcomLaunch DcomLaunch\0TermService\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0
WudfServiceGroup WUDFSvc\0\0

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-10 22:11:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run????????????x??????s$????\?w? ?w???????w???w4???????.??w4???????4???TA?s4??? ????&????A~??A~ ???????\???\???????$???U?A~??A~\???\???????X"a???????B~\???\??????s ???\??????s\????&??A??s?&????B~???

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 2007-05-10 22:11:32
C:\ComboFix-quarantined-files.txt ... 2007-05-10 22:11
C:\ComboFix2.txt ... 2007-05-10 18:30
C:\ComboFix3.txt ... 2007-05-09 22:01

Thank You.



Response Number 7
Name: jabuck
Date: May 10, 2007 at 19:26:12 Pacific
Subject: HELP Smithfraud core
Reply:
Looks good, how is the computer operating?


Response Number 8
Name: jumpinjohn
Date: May 10, 2007 at 19:39:11 Pacific
Subject: HELP Smithfraud core
Reply:
Working great so far.

Thanks so much for your assistance.
You all are awesome here!



Response Number 9
Name: jabuck
Date: May 10, 2007 at 19:41:44 Pacific
Subject: HELP Smithfraud core
Reply:
Glad we could help.


Response Number 10
Name: dowjones
Date: July 5, 2007 at 10:07:34 Pacific
Subject: HELP Smithfraud core
Reply:
SpyBotS&D will remove this "crud" IF the computer is booted into the safe mode and SpyBotS&D is run.

The information on Computing.Net is the opinions of its users. Such opinions may not be accurate and they are to be used at your own risk. Computing.Net cannot verify the validity of the statements made on this site. Computing.Net and Computing.Net, LLC hereby disclaim all responsibility and liability for the content of Computing.Net and its accuracy.

All content ©1996-2007 Computing.Net, LLC