Need W32.Myzor.FK@yf Help
Senior Member
14. June 2006 @ 07:25
@banpaint

Ok your smitfraudfix log looks clean, but to ensure that you're clean, I'll need to see your HijackThis log. And don't worry, if you don't fix anything yourself, it won't harm your computer.

Instructions for posting -> http://forums.afterdawn.com/thread_view.cfm/263784
(steps 3-5)

------------------------------------------------------------
@ckchamber

Hi, your Norton probably just didn't recognize the malware...

But don't worry, if you follow the "stay clean"- instructions on my last message to you, you'll be pretty safe :)

I have moved from AD, I won't be taking new HijackThis logs from here. Reason: The AD's Unsupportive atmosphere.
banpaint
Newbie
15. June 2006 @ 07:40
thanks for the help japk here is the hijack this scan results:

Logfile of HijackThis v1.99.1
Scan saved at 16:37:24, on 15/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\LTSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\U.S. Robotics 802.11g WLAN\USRWLANG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Gail Bishop\Desktop\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: WKCALREM.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: U.S. Robotics 802.11g Wireless Network Utility.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file:///C:\Program Files\TOSHIBA\Free Update Service\splash.html
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
aspefan
Newbie
15. June 2006 @ 09:35
Hi JaPK,
sorry to bother you, but I am re-sending my logs from June 13th, since I haven't heard from you thereafter. I would appreciate very much if you could have a look and confirm whether all is clean now or still something needs to be done. Thanks.

My message from June 13th:
it finally worked, below all my logs from today:

Logfile of HijackThis v1.99.1
Scan saved at 20:51:31, on 13/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\Program Files\IM Names\IM-svr.EXE
C:\Program Files\RF Wireless Mouse\cm20.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Icons\SetIcon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Carrefour Offline Software\Agent.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\LUC~1.BEL\LOCALS~1\Temp\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [IMprocess] C:\Program Files\IM Names\IM-svr.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [Start RF Wireless Mouse] C:\Program Files\RF Wireless Mouse\cm20.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SetIcon] C:\Program Files\Icons\SetIcon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Program Files\Carrefour Offline Software\Agent.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Logitech Desktop Messenger Agent.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: officejet 6100.lnk = ?
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by14fd.bay14.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.kodakimages.com/DesktopModules/SpectorAlbum/ImageUploa...
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

---------------------------------------------------------
ewido anti-malware - Scan rapport
---------------------------------------------------------

+ Gemaakt op: 20:49:13, 13/06/2006
+ Rapport samenvatting: F89B4EB8

+ Scan resultaten:

Geen geinfecteerde bestanden gevonden! (= No infected files found)


::Einde rapport

SmitFraudFix v2.60

Scan done at 19:58:56,18, di 13/06/2006
Run from C:\Program Files\Smitfraudfix\SmitfraudFix
OS: Microsoft Windows XP [versie 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

I got my original homepage back already. Hope you can confirm that all is clean now.....
Senior Member
15. June 2006 @ 10:17
@banpaint

Ok you're almost clean...

You don't have a firewall on your computer. Download and install one firewall.

These are good (free) firewalls:
ZoneAlarm --> http://www.zonelabs.com
Kerio--> http://www.sunbelt-software.com/Kerio.cfm
Outpost-> http://www.agnitum.com

Cleaning instructions:

Move HijackThis into its own folder C:\HJT

Update your Ewido.

Go to Control Panel -> Add/Remove programs -> Remove PartyPoker if found

Run HijackThis. Press Do a system scan only, then close all other windows, checkmark the following entries and press Fix checked

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

Make your hidden files visible -> http://www.bleepingcomputer.com/tutorials/tutorial62.html
Restart your computer to the safemode -> http://www.pchell.com/support/safemode.shtml

Delete these folders (if found):
C:\Program Files\PartyGaming

Scan and clean your computer with Ewido and save the report.

Clean the Recycle bin and make your hidden files visible again.

Restart your computer normally.

Post the following logs to here:
-> a fresh HijackThis log
-> Ewido's log

-----------------------------------------------------------------------------------------------------------------

@aspefan

Hi and sorry for the delay, I must have lost your answer because there are so many users at the same time in this thread....

Ok you're almost clean...

Cleaning instructions:

Move HijackThis into its own folder C:\HJT

Run HijackThis. Press Do a system scan only, then close all other windows, checkmark the following entries and press Fix checked

O4 - HKLM\..\Run: [IMprocess] C:\Program Files\IM Names\IM-svr.EXE

Make your hidden files visible -> http://www.bleepingcomputer.com/tutorials/tutorial62.html
Restart your computer to the safemode -> http://www.pchell.com/support/safemode.shtml

Delete these folders (if found):
C:\Program Files\IM Names

Clean the Recycle bin and make your hidden files visible again.

Restart your computer normally.

Post the following logs to here:
-> a fresh HijackThis log

Stash101
Newbie
15. June 2006 @ 11:52
Thanks so much for your help.
Senior Member
15. June 2006 @ 19:54
You're welcome Stash101 :)
aspefan
Newbie
15. June 2006 @ 23:38
No problem JaPK, I appreciate very much what you guys are doing here.
Attached, following your latest instructions, a fresh HjT-log:

Logfile of HijackThis v1.99.1
Scan saved at 9:36:06, on 16/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\Program Files\RF Wireless Mouse\cm20.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Icons\SetIcon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [Start RF Wireless Mouse] C:\Program Files\RF Wireless Mouse\cm20.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SetIcon] C:\Program Files\Icons\SetIcon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Program Files\Carrefour Offline Software\Agent.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Logitech Desktop Messenger Agent.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: officejet 6100.lnk = ?
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by14fd.bay14.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.kodakimages.com/DesktopModules/SpectorAlbum/ImageUploa...
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
Senior Member
16. June 2006 @ 06:49
Hi again aspefan, you're clean now :)

Now that you're clean, here are some tips how to stay clean.

-> Stand Up and Be Counted, Malware Complaints -> http://www.malwarecomplaints.info
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

-> Clear your system restore -> http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore...
This will clear the system restore folders from possible malware that was left behind during the cleaning process. Remember to create a new restore point after the cleaning.

-> Use CCleaner -> http://www.ccleaner.com
Download and install CCleaner. Clean your registry and temporary files with it regularly.

-> Use Ad-Aware -> http://www.bleepingcomputer.com/forums/?showtutorial=48
Download and install Ad-Aware. Update it and scan your computer regularly with it.

-> Use Ewido -> http://www.ewido.net/en
Download and install Ewido. Update it and scan your computer regularly with it.

-> Install SpywareBlaster -> http://www.javacoolsoftware.com/spywareblaster.html
SpywareBlaster will prevent spyware from being installed to your computer.

-> Install MVPS Hosts file -> http://mvps.org/winhelp2002/hosts.htm
This prevents your computer from connecting to harmful sites.

-> Change your browser to Firefox -> http://www.mozilla.org
Firefox is a faster, safer and quicker browser than Internet Explorer.

-> Keep your system up-to-date -> http://windowsupdate.microsoft.com
Visit Windows Update regularly.

-> Keep your antivirus and firewall up-to-date
Scan your computer regularly with your antivirus.

-> Read this article by TonyKlein -> http://castlecops.com/postlite7736-.html
So how did I get infected in the first place?

Stay clean ;)
aspefan
Newbie
16. June 2006 @ 07:42
Thanks a million JaPK. Really appreciated your help.
Kind regards.
Senior Member
16. June 2006 @ 07:52
You're welcome :)
ckchamber
Newbie
16. June 2006 @ 10:43
sorry for the delay in this, but thank you for the help in removing the ad-ware from my Machine

regards

Chris Chambers
IT Consultant
Senior Member
16. June 2006 @ 21:50
You're welcome too ckchamber ;)
chook84
Newbie
18. June 2006 @ 02:36
Hi - I need some help -we've gotten this virus too somehow some way...

I've looked at what you've said to do - I've downloaded Hijack This and also ewido...

But all I've done is the system check things I haven't deleted anything... just got the logs so you can help me...

The log after running Smitfraudfix is...

SmitFraudFix v2.61

Scan done at 19:21:42.93, Sun 06/18/2006
Run from C:\Documents and Settings\Kim\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\atmclk.exe FOUND !
C:\WINDOWS\system32\dcomcfg.exe FOUND !
C:\WINDOWS\system32\hp???.tmp FOUND !
C:\WINDOWS\system32\hp????.tmp FOUND !
C:\WINDOWS\system32\ld????.tmp FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\regperf.exe FOUND !
C:\WINDOWS\system32\simpole.tlb FOUND !
C:\WINDOWS\system32\stdole3.tlb FOUND !
C:\WINDOWS\system32\1024\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Kim\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Kim\FAVORI~1

C:\DOCUME~1\Kim\FAVORI~1\Antivirus Test Online.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{f85e05f5-667e-41b0-ab8a-147337a99e65}"="bloodthirst"

[HKEY_CLASSES_ROOT\CLSID\{f85e05f5-667e-41b0-ab8a-147337a99e65}\InProcServer32]
@="C:\WINDOWS\system32\xuefh.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{f85e05f5-667e-41b0-ab8a-147337a99e65}\InProcServer32]
@="C:\WINDOWS\system32\xuefh.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End



and the Hijack This log

Logfile of HijackThis v1.99.1
Scan saved at 8:25:14 PM, on 6/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Vet\isafe.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Vet\VetMsg.exe
C:\WINDOWS\system32\atmclk.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Vet\VetTray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\Documents and Settings\Kim\Desktop\Hijack This\HijackThis_v1.99.1.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp100.tmp
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSRaid] C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
O4 - HKLM\..\Run: [VetTray] C:\Vet\VetTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SpywareQuake.com] C:\Program Files\SpywareQuake.com\Spyware-Quake.exe /h
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CEF51142-0858-4BB6-BF82-85BF1CFBB7C8}: NameServer = 203.2.75.132 198.142.0.51
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\Vet\isafe.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Vet\VetMsg.exe



Any help muchly appreciated!! Thanks
Senior Member
18. June 2006 @ 05:20
Hi chook84.

Restart your computer to the safemode and choose your normal user account -> http://www.pchell.com/support/safemode.shtml

When in safemode, open SmitfraudFix folder and doubleclick the file smitfraudfix.cmd
Choose option #2 - Clean by typing 2 and pressing "Enter" in order to remove the infected files.

You are asked: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove your desktop wallpaper and the infected registry keys.

The tool checks if wininet.dll file is infected. You might be asked to replace the infected .dll (if found); answer "Yes" by typing Y and press "Enter".

The tool might have to restart your computer; if it won't do it, restart your computer back to normal mode.
A textfile will appear after the cleaning process, copy this file and paste it to here.

The log is saved to your local disk drive, usually C:\rapport.txt.

Warning : Running option 2 in a clean computer will delete your desktop wallpaper.

Post a new HijackThis log along with the contents of C:\Rapport.txt

Roc2
Newbie
18. June 2006 @ 06:37
Hi - I've gotten this virus too and would appreciate your help.
I've tried many antivirus/spyware/malware with no luck.

I've looked at what you've said to do - I've downloaded Hijack This and also ewido
Here are the logs after running Smitfraudfix and HijackThis

Logfile of HijackThis v1.99.1
Scan saved at 9:30:51 AM, on 6/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HP OfficeJet Series 500\bin\ktchnsnk.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp100.tmp
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP OfficeJet Series 500] "C:\Program Files\HP OfficeJet Series 500\bin\ktchnsnk.exe" -reg "Software\Hewlett-Packard\OfficeJet Series 500\Install"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E754EFDE-BD03-4C0B-9432-AF0FC9959D05}: NameServer = 205.171.3.65,205.171.2.65
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe


SmitFraudFix v2.61

Scan done at 9:35:28.84, Sun 06/18/2006
Run from C:\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\dcomcfg.exe FOUND !
C:\WINDOWS\system32\hp???.tmp FOUND !
C:\WINDOWS\system32\hp????.tmp FOUND !
C:\WINDOWS\system32\simpole.tlb FOUND !
C:\WINDOWS\system32\stdole3.tlb FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Rosco\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Rosco\FAVORI~1

C:\DOCUME~1\Rosco\FAVORI~1\Antivirus Test Online.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop
Hiwatha
Newbie
18. June 2006 @ 11:33
I, too, am having trouble with this pesky W32.Myzor thing. I tried the fix that was posted and couldn't get Smitfraud to work or unzip properly. It kept going to a DOS prompt. (Beats me!) When I ran HjT, I was told by a friend to fix 04 Startup: protected and 04 global Startup: protected and neither would fix.

Please help. My home page has been diverted and I don't trust any of the spyware removers posted on the page.

Thanks.
jcogswell
Newbie
19. June 2006 @ 09:37
HELP! Kids went on my computer and now I have this virus. Here is my HjT log. Thanks for your help in advance.

Logfile of HijackThis v1.99.1
Scan saved at 1:29:35 PM, on 6/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\atmclk.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\USB Storage RW\shwicon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\SM1BG.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP DVD\Umbrella\DVDTray.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Common Files\AOL\1140134680\ee\AOLSoftware.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis_v1.99.1.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us7.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us7.hpwis.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp100.tmp
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - C:\Program Files\Security Toolbar\Security Toolbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [KONICA MINOLTA magicolor 2400W STD] C:\WINDOWS\system32\MSTMON_S.EXE STARTUP
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP DVD\Umbrella\DVDTray.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140134680\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine

Advantage Validation Tool) -

http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)

-

http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/cl...

uweb_site.cab?1129014117500
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)

-

http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/...

/muweb_site.cab?1129119539625
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client

Control (redist)) - https://207.155.242.147/Remote/msrdp.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer

Class) -

http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtool...

downloads/player/Install2.5/Installer.exe
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class)

-

https://wealthcounsel.webex.com/client/v_mywebex-t20/support/ieatgpc.ca

b
O18 - Protocol: g7ps - {9EACF0FB-4FC7-436E-989B-3197142AD979} - C:\Program Files\Common Files\G7PS\Shared Files\G7PSDLL\G7PS.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Senior Member
19. June 2006 @ 10:32
@Roc2

Hi, you got some infections on your computer....

You don't have a firewall on your computer. Download and install one firewall.

These are good (free) firewalls:
ZoneAlarm --> http://www.zonelabs.com
Kerio--> http://www.sunbelt-software.com/Kerio.cfm
Outpost-> http://www.agnitum.com

Cleaning instructions:

Update your Ewido but do NOT run a scan yet. We'll use it later.

Open Notepad
-> copy the following lines into a new document:

@echo off
sc stop MySQL
sc delete MySQL

Save the document to your desktop as Removal.bat and filetype: All Files
Go to your desktop and run the file Removal.bat and answer yes to any questions.

Make your hidden files visible -> http://www.bleepingcomputer.com/tutorials/tutorial62.html
Restart your computer to the safemode -> http://www.pchell.com/support/safemode.shtml

Delete these files (if found):
C:\Program.exe

Restart your computer to the safemode and choose your normal user account -> http://www.pchell.com/support/safemode.shtml

When in safemode, open SmitfraudFix folder and doubleclick the file smitfraudfix.cmd
Choose option #2 - Clean by typing 2 and pressing "Enter" in order to remove the infected files.

You are asked: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove your desktop wallpaper and the infected registry keys.

The tool checks if wininet.dll file is infected. You might be asked to replace the infected .dll (if found); answer "Yes" by typing Y and press "Enter".

The tool might have to restart your computer; if it won't do it, restart your computer back to normal mode.
A textfile will appear after the cleaning process, copy this file and paste it to here.

The log is saved to your local disk drive, usually C:\rapport.txt.

Warning : Running option 2 in a clean computer will delete your desktop wallpaper.

Scan and clean your computer with Ewido and save the report.

Clean the Recycle bin and make your hidden files visible again.

Post the following logs to here:
-> a fresh HijackThis log
-> Ewido's log
-> contents of C:\Rapport.txt

----------------------------------------------------------------------------------------------------

@jcogswell

Hi.

Download SmitfraudFix.zip to your desktop -> http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Unzip it (folder named SmitFraudFix) to your desktop:

Open the folder SmitfraudFix and doubleclick smitfraudfix.cmd
Choose option #1 - Search by typing 1 and pressing "Enter"; a textfile opens and lists the infected files (if those exist)

Post the contents of this textfile to here along with a fresh HijackThis log.

(Some antiviruses recognise process.exe as malware. It is not malware, it is a program that stops processes)


This message has been edited since posting. Last time this message was edited on 19. June 2006 @ 10:33

jcogswell
Newbie
19. June 2006 @ 13:33
Ok here you are.

SmitFraudFix v2.62

Scan done at 17:27:22.95, Mon 06/19/2006
Run from C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\atmclk.exe FOUND !
C:\WINDOWS\system32\dcomcfg.exe FOUND !
C:\WINDOWS\system32\hp???.tmp FOUND !
C:\WINDOWS\system32\hp????.tmp FOUND !
C:\WINDOWS\system32\ld????.tmp FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\regperf.exe FOUND !
C:\WINDOWS\system32\simpole.tlb FOUND !
C:\WINDOWS\system32\stdole3.tlb FOUND !
C:\WINDOWS\system32\ts.ico FOUND !
C:\WINDOWS\system32\1024\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrator\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1\FAVORI~1

C:\DOCUME~1\ADMINI~1\FAVORI~1\Antivirus Test Online.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Security Toolbar\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{f85e05f5-667e-41b0-ab8a-147337a99e65}"="bloodthirst"

[HKEY_CLASSES_ROOT\CLSID\{f85e05f5-667e-41b0-ab8a-147337a99e65}\InProcServer32]
@="C:\WINDOWS\system32\xuefh.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{f85e05f5-667e-41b0-ab8a-147337a99e65}\InProcServer32]
@="C:\WINDOWS\system32\xuefh.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
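
The posts above pair a SmitfraudFix search log with a HijackThis log from the same machine. As an added example (not part of the thread, and not code from either tool), this Python script rejoins the soft-wrapped HijackThis lines and lists the running processes and entries whose paths match a SmitfraudFix "FOUND !" pattern. The function names are hypothetical, the sample text is excerpted from the logs in this thread, and it assumes that "?" in a SmitfraudFix pattern stands for exactly one character and that a trailing backslash marks a folder.

```python
import re

# Constructed samples: lines excerpted from the logs posted in this thread,
# including the soft-wrapped HijackThis lines as they were pasted.
SMITFRAUD_SAMPLE = r"""
Fix ran in normal mode

C:\WINDOWS\system32\atmclk.exe FOUND !
C:\WINDOWS\system32\dcomcfg.exe FOUND !
C:\WINDOWS\system32\hp???.tmp FOUND !
C:\WINDOWS\system32\hp????.tmp FOUND !
C:\WINDOWS\system32\1024\ FOUND !
C:\Program Files\Security Toolbar\ FOUND !
"""

HIJACKTHIS_SAMPLE = r"""
Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security

Center\SymWSC.exe
C:\WINDOWS\system32\atmclk.exe
C:\WINDOWS\system32\dcomcfg.exe

O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} -

C:\WINDOWS\system32\hp100.tmp
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} -

C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb}

- C:\Program Files\Security Toolbar\Security Toolbar.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

FOUND_LINE = re.compile(r"^(?P<path>[A-Za-z]:\\.*\S)\s+FOUND !$")
ENTRY_START = re.compile(r"^[ORF]\d{1,2} - ")   # e.g. "R1 - ", "O4 - ", "O23 - "
PROCESS_START = re.compile(r"^[A-Za-z]:\\")     # a process line starts with a drive


def parse_smitfraud(text):
    """Return the path patterns that SmitfraudFix reported as 'FOUND !'."""
    patterns = []
    for line in text.splitlines():
        m = FOUND_LINE.match(line.strip())
        if m:
            patterns.append(m.group("path"))
    return patterns


def unwrap_hijackthis(text):
    """Rejoin soft-wrapped lines and return (processes, entries).

    Continuations are joined with one space, so a wrap that fell in the
    middle of a token keeps a stray space at the join.
    """
    processes, entries = [], []
    section = None  # None = header, then "proc", then "entry"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ENTRY_START.match(line):
            section = "entry"
            entries.append(line)
        elif line == "Running processes:":
            section = "proc"
        elif section == "proc":
            if PROCESS_START.match(line) or not processes:
                processes.append(line)
            else:
                processes[-1] += " " + line
        elif section == "entry":
            entries[-1] += " " + line
    return processes, entries


def pattern_to_regex(pattern):
    """Compile a SmitfraudFix path pattern into a case-insensitive regex."""
    is_dir = pattern.endswith("\\")
    body = "".join(r"[^\\]" if ch == "?" else re.escape(ch) for ch in pattern)
    # A file must end where the pattern ends; a folder matches anything below it.
    tail = "" if is_dir else r'(?=$|[\s",])'
    return re.compile(r"(?<!\w)" + body + tail, re.IGNORECASE)


def correlate(smitfraud_text, hijackthis_text):
    """Return (kind, hijackthis_line, matched_pattern) for every flagged line."""
    compiled = [(p, pattern_to_regex(p)) for p in parse_smitfraud(smitfraud_text)]
    processes, entries = unwrap_hijackthis(hijackthis_text)
    hits = []
    for kind, items in (("process", processes), ("entry", entries)):
        for item in items:
            for pattern, rx in compiled:
                if rx.search(item):
                    hits.append((kind, item, pattern))
                    break
    return hits


if __name__ == "__main__":
    for kind, item, pattern in correlate(SMITFRAUD_SAMPLE, HIJACKTHIS_SAMPLE):
        print(f"[{kind}] {item}\n    matches {pattern}")
```

A HijackThis line that matches nothing is not thereby shown to be clean; the script only marks what the SmitfraudFix search already reported.
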
jcogswell
Newbie
19. June 2006 @ 15:18
Just posted the other file above and here is the new HjT file after running the smitfraudfix. Thanks, Jenny
Logfile of HijackThis v1.99.1
Scan saved at 7:17:34 PM, on 6/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\atmclk.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\USB Storage RW\shwicon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\SM1BG.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP DVD\Umbrella\DVDTray.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Common Files\AOL\1140134680\ee\AOLSoftware.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis_v1.99.1.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us7.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us7.hpwis.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp100.tmp
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - C:\Program Files\Security Toolbar\Security Toolbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [KONICA MINOLTA magicolor 2400W STD] C:\WINDOWS\system32\MSTMON_S.EXE STARTUP
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP DVD\Umbrella\DVDTray.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140134680\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common

Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp

center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk =

C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program

Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/cl...uweb_site.cab?1129014117500
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/.../muweb_site.cab?1129119539625
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://207.155.242.147/Remote/msrdp.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtool...downloads/player/Install2.5/Installer.exe
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://wealthcounsel.webex.com/client/v_mywebex-t20/support/ieatgpc.cab
O18 - Protocol: g7ps - {9EACF0FB-4FC7-436E-989B-3197142AD979} - C:\Program Files\Common Files\G7PS\Shared Files\G7PSDLL\G7PS.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

chook84
Newbie
20. June 2006 @ 03:12
Results from the two scans...

SmitFraudFix v2.61

Scan done at 20:56:56.37, Tue 06/20/2006
Run from C:\Documents and Settings\Kim\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{f85e05f5-667e-41b0-ab8a-147337a99e65}"="bloodthirst"

[HKEY_CLASSES_ROOT\CLSID\{f85e05f5-667e-41b0-ab8a-147337a99e65}\InProcServer32]
@="C:\WINDOWS\system32\xuefh.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{f85e05f5-667e-41b0-ab8a-147337a99e65}\InProcServer32]
@="C:\WINDOWS\system32\xuefh.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

Problem while deleting C:\WINDOWS\system32\atmclk.exe
Problem while deleting C:\WINDOWS\system32\dcomcfg.exe
Problem while deleting C:\WINDOWS\system32\hp???.tmp
Problem while deleting C:\WINDOWS\system32\hp????.tmp
Problem while deleting C:\WINDOWS\system32\ld????.tmp
C:\WINDOWS\system32\ot.ico Deleted
Problem while deleting C:\WINDOWS\system32\regperf.exe
C:\WINDOWS\system32\simpole.tlb Deleted
Problem while deleting C:\WINDOWS\system32\stdole3.tlb
C:\WINDOWS\system32\1024\ Deleted
C:\DOCUME~1\Kim\FAVORI~1\Antivirus Test Online.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\system32\xuefh.dll -> Missing File


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{f85e05f5-667e-41b0-ab8a-147337a99e65}"="bloodthirst"

[HKEY_CLASSES_ROOT\CLSID\{f85e05f5-667e-41b0-ab8a-147337a99e65}\InProcServer32]
@="C:\WINDOWS\system32\xuefh.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{f85e05f5-667e-41b0-ab8a-147337a99e65}\InProcServer32]
@="C:\WINDOWS\system32\xuefh.dll"



»»»»»»»»»»»»»»»»»»»»»»»» Reboot

C:\WINDOWS\system32\atmclk.exe Deleted
C:\WINDOWS\system32\dcomcfg.exe Deleted
C:\WINDOWS\system32\hp???.tmp Deleted
C:\WINDOWS\system32\ld????.tmp Deleted
C:\WINDOWS\system32\stdole3.tlb Deleted

»»»»»»»»»»»»»»»»»»»»»»»» End




Logfile of HijackThis v1.99.1
Scan saved at 9:01:25 PM, on 6/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Vet\isafe.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Vet\VetMsg.exe
C:\WINDOWS\NOTEPAD.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Vet\VetTray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Documents and Settings\Kim\Desktop\Hijack This\HijackThis_v1.99.1.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSRaid] C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
O4 - HKLM\..\Run: [VetTray] C:\Vet\VetTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\Vet\isafe.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Vet\VetMsg.exe
Roc2
Newbie
20. June 2006 @ 05:01
Here are my reports after scanning.

SmitFraudFix v2.61

Scan done at 7:07:19.00, Tue 06/20/2006
Run from C:\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8dc1f789-e073-4363-b40d-07376bc5ecc5}"="articulation"

[HKEY_CLASSES_ROOT\CLSID\{8dc1f789-e073-4363-b40d-07376bc5ecc5}\InProcServer32]
@="C:\WINDOWS\system32\hzclqhc.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{8dc1f789-e073-4363-b40d-07376bc5ecc5}\InProcServer32]
@="C:\WINDOWS\system32\hzclqhc.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\hp???.tmp Deleted
C:\WINDOWS\system32\simpole.tlb Deleted
C:\WINDOWS\system32\stdole3.tlb Deleted
C:\DOCUME~1\Rosco\FAVORI~1\Antivirus Test Online.url Deleted
C:\Program Files\SpywareQuake.com\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\system32\hzclqhc.dll -> Missing File


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End



---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 7:54:16 AM, 6/20/2006
+ Report-Checksum: 3B8617F7

+ Scan result:

:mozilla.28:C:\Documents and Settings\Rosco\Application Data\Mozilla\Firefox\Profiles\l9t8lxq7.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Rosco\Application Data\Mozilla\Firefox\Profiles\l9t8lxq7.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Rosco\Application Data\Mozilla\Firefox\Profiles\l9t8lxq7.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Rosco\Application Data\Mozilla\Firefox\Profiles\l9t8lxq7.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Rosco\Application Data\Mozilla\Firefox\Profiles\l9t8lxq7.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Rosco\Application Data\Mozilla\Firefox\Profiles\l9t8lxq7.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Rosco\Application Data\Mozilla\Firefox\Profiles\l9t8lxq7.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Rosco\Application Data\Mozilla\Firefox\Profiles\l9t8lxq7.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Rosco\Application Data\Mozilla\Firefox\Profiles\l9t8lxq7.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Rosco\Application Data\Mozilla\Firefox\Profiles\l9t8lxq7.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Rosco\Application Data\Mozilla\Firefox\Profiles\l9t8lxq7.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Rosco\Application Data\Mozilla\Firefox\Profiles\l9t8lxq7.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Rosco\Application Data\Mozilla\Firefox\Profiles\l9t8lxq7.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Rosco\Application Data\Mozilla\Firefox\Profiles\l9t8lxq7.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Rosco\Application Data\Mozilla\Firefox\Profiles\l9t8lxq7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Rosco\Application Data\Mozilla\Firefox\Profiles\l9t8lxq7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Rosco\Application Data\Mozilla\Firefox\Profiles\l9t8lxq7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Rosco\Application Data\Mozilla\Firefox\Profiles\l9t8lxq7.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Rosco\Application Data\Mozilla\Firefox\Profiles\l9t8lxq7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Rosco\Application Data\Mozilla\Firefox\Profiles\l9t8lxq7.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Rosco\Application Data\Mozilla\Firefox\Profiles\l9t8lxq7.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Rosco\Application Data\Mozilla\Firefox\Profiles\l9t8lxq7.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Rosco\Application Data\Mozilla\Firefox\Profiles\l9t8lxq7.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Rosco\Application Data\Mozilla\Firefox\Profiles\l9t8lxq7.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Rosco\Application Data\Mozilla\Firefox\Profiles\l9t8lxq7.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Rosco\Application Data\Mozilla\Firefox\Profiles\l9t8lxq7.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Rosco\Application Data\Mozilla\Firefox\Profiles\l9t8lxq7.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Rosco\Application Data\Mozilla\Firefox\Profiles\l9t8lxq7.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Rosco\Application Data\Mozilla\Firefox\Profiles\l9t8lxq7.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Rosco\Application Data\Mozilla\Firefox\Profiles\l9t8lxq7.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Rosco\Application Data\Mozilla\Firefox\Profiles\l9t8lxq7.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Rosco\Application Data\Mozilla\Firefox\Profiles\l9t8lxq7.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.141:C:\Documents and Settings\Rosco\Application Data\Mozilla\Firefox\Profiles\l9t8lxq7.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.142:C:\Documents and Settings\Rosco\Application Data\Mozilla\Firefox\Profiles\l9t8lxq7.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.143:C:\Documents and Settings\Rosco\Application Data\Mozilla\Firefox\Profiles\l9t8lxq7.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.155:C:\Documents and Settings\Rosco\Application Data\Mozilla\Firefox\Profiles\l9t8lxq7.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Rosco\Application Data\Mozilla\Firefox\Profiles\l9t8lxq7.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.159:C:\Documents and Settings\Rosco\Application Data\Mozilla\Firefox\Profiles\l9t8lxq7.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.160:C:\Documents and Settings\Rosco\Application Data\Mozilla\Firefox\Profiles\l9t8lxq7.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.162:C:\Documents and Settings\Rosco\Application Data\Mozilla\Firefox\Profiles\l9t8lxq7.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.164:C:\Documents and Settings\Rosco\Application Data\Mozilla\Firefox\Profiles\l9t8lxq7.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup
:mozilla.165:C:\Documents and Settings\Rosco\Application Data\Mozilla\Firefox\Profiles\l9t8lxq7.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.166:C:\Documents and Settings\Rosco\Application Data\Mozilla\Firefox\Profiles\l9t8lxq7.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.167:C:\Documents and Settings\Rosco\Application Data\Mozilla\Firefox\Profiles\l9t8lxq7.default\cookies.txt -> TrackingCookie.Spylog : Cleaned with backup
:mozilla.168:C:\Documents and Settings\Rosco\Application Data\Mozilla\Firefox\Profiles\l9t8lxq7.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned with backup
:mozilla.172:C:\Documents and Settings\Rosco\Application Data\Mozilla\Firefox\Profiles\l9t8lxq7.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
C:\Documents and Settings\Rosco\Cookies\rosco@ad1.clickhype[2].txt -> TrackingCookie.Clickhype : Cleaned with backup
C:\Documents and Settings\Rosco\Cookies\rosco@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Rosco\Cookies\rosco@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Rosco\Cookies\rosco@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Rosco\Cookies\rosco@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.10:E:\Backup XP 2004&5\Documents and Settings\Roc\Application Data\Mozilla\Firefox\Profiles\ix0i9e1b.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.11:E:\Backup XP 2004&5\Documents and Settings\Roc\Application Data\Mozilla\Firefox\Profiles\ix0i9e1b.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.12:E:\Backup XP 2004&5\Documents and Settings\Roc\Application Data\Mozilla\Firefox\Profiles\ix0i9e1b.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.13:E:\Backup XP 2004&5\Documents and Settings\Roc\Application Data\Mozilla\Firefox\Profiles\ix0i9e1b.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.23:E:\Backup XP 2004&5\Documents and Settings\Roc\Application Data\Mozilla\Firefox\Profiles\ix0i9e1b.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.24:E:\Backup XP 2004&5\Documents and Settings\Roc\Application Data\Mozilla\Firefox\Profiles\ix0i9e1b.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.25:E:\Backup XP 2004&5\Documents and Settings\Roc\Application Data\Mozilla\Firefox\Profiles\ix0i9e1b.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.44:E:\Backup XP 2004&5\Documents and Settings\Roc\Application Data\Mozilla\Firefox\Profiles\ix0i9e1b.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.45:E:\Backup XP 2004&5\Documents and Settings\Roc\Application Data\Mozilla\Firefox\Profiles\ix0i9e1b.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.46:E:\Backup XP 2004&5\Documents and Settings\Roc\Application Data\Mozilla\Firefox\Profiles\ix0i9e1b.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.53:E:\Backup XP 2004&5\Documents and Settings\Roc\Application Data\Mozilla\Firefox\Profiles\ix0i9e1b.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.54:E:\Backup XP 2004&5\Documents and Settings\Roc\Application Data\Mozilla\Firefox\Profiles\ix0i9e1b.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.55:E:\Backup XP 2004&5\Documents and Settings\Roc\Application Data\Mozilla\Firefox\Profiles\ix0i9e1b.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.56:E:\Backup XP 2004&5\Documents and Settings\Roc\Application Data\Mozilla\Firefox\Profiles\ix0i9e1b.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.57:E:\Backup XP 2004&5\Documents and Settings\Roc\Application Data\Mozilla\Firefox\Profiles\ix0i9e1b.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.58:E:\Backup XP 2004&5\Documents and Settings\Roc\Application Data\Mozilla\Firefox\Profiles\ix0i9e1b.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.59:E:\Backup XP 2004&5\Documents and Settings\Roc\Application Data\Mozilla\Firefox\Profiles\ix0i9e1b.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.60:E:\Backup XP 2004&5\Documents and Settings\Roc\Application Data\Mozilla\Firefox\Profiles\ix0i9e1b.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.64:E:\Backup XP 2004&5\Documents and Settings\Roc\Application Data\Mozilla\Firefox\Profiles\ix0i9e1b.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup
:mozilla.66:E:\Backup XP 2004&5\Documents and Settings\Roc\Application Data\Mozilla\Firefox\Profiles\ix0i9e1b.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.67:E:\Backup XP 2004&5\Documents and Settings\Roc\Application Data\Mozilla\Firefox\Profiles\ix0i9e1b.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.68:E:\Backup XP 2004&5\Documents and Settings\Roc\Application Data\Mozilla\Firefox\Profiles\ix0i9e1b.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.69:E:\Backup XP 2004&5\Documents and Settings\Roc\Application Data\Mozilla\Firefox\Profiles\ix0i9e1b.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.70:E:\Backup XP 2004&5\Documents and Settings\Roc\Application Data\Mozilla\Firefox\Profiles\ix0i9e1b.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.71:E:\Backup XP 2004&5\Documents and Settings\Roc\Application Data\Mozilla\Firefox\Profiles\ix0i9e1b.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.72:E:\Backup XP 2004&5\Documents and Settings\Roc\Application Data\Mozilla\Firefox\Profiles\ix0i9e1b.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.73:E:\Backup XP 2004&5\Documents and Settings\Roc\Application Data\Mozilla\Firefox\Profiles\ix0i9e1b.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.74:E:\Backup XP 2004&5\Documents and Settings\Roc\Application Data\Mozilla\Firefox\Profiles\ix0i9e1b.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.75:E:\Backup XP 2004&5\Documents and Settings\Roc\Application Data\Mozilla\Firefox\Profiles\ix0i9e1b.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.76:E:\Backup XP 2004&5\Documents and Settings\Roc\Application Data\Mozilla\Firefox\Profiles\ix0i9e1b.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.77:E:\Backup XP 2004&5\Documents and Settings\Roc\Application Data\Mozilla\Firefox\Profiles\ix0i9e1b.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.78:E:\Backup XP 2004&5\Documents and Settings\Roc\Application Data\Mozilla\Firefox\Profiles\ix0i9e1b.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.79:E:\Backup XP 2004&5\Documents and Settings\Roc\Application Data\Mozilla\Firefox\Profiles\ix0i9e1b.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.80:E:\Backup XP 2004&5\Documents and Settings\Roc\Application Data\Mozilla\Firefox\Profiles\ix0i9e1b.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.81:E:\Backup XP 2004&5\Documents and Settings\Roc\Application Data\Mozilla\Firefox\Profiles\ix0i9e1b.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.84:E:\Backup XP 2004&5\Documents and Settings\Roc\Application Data\Mozilla\Firefox\Profiles\ix0i9e1b.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.90:E:\Backup XP 2004&5\Documents and Settings\Roc\Application Data\Mozilla\Firefox\Profiles\ix0i9e1b.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.91:E:\Backup XP 2004&5\Documents and Settings\Roc\Application Data\Mozilla\Firefox\Profiles\ix0i9e1b.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.94:E:\Backup XP 2004&5\Documents and Settings\Roc\Application Data\Mozilla\Firefox\Profiles\ix0i9e1b.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.98:E:\Backup XP 2004&5\Documents and Settings\Roc\Application Data\Mozilla\Firefox\Profiles\ix0i9e1b.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.99:E:\Backup XP 2004&5\Documents and Settings\Roc\Application Data\Mozilla\Firefox\Profiles\ix0i9e1b.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
E:\Saved Programs\Music\kazaa md.exe/cd_clint.dll -> Adware.Cydoor : Cleaned with backup
E:\Saved Programs\Music\kazaa md.exe/cd_htm.dll -> Adware.Cydoor : Cleaned with backup
E:\Saved Programs\R\Rbackup\ICQ\NDetect.exe -> Backdoor.IP_Protect : Cleaned with backup


::Report End

Logfile of HijackThis v1.99.1
Scan saved at 8:01:02 AM, on 6/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HP OfficeJet Series 500\bin\ktchnsnk.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\ewido anti-malware\SecuritySuite.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP OfficeJet Series 500] "C:\Program Files\HP OfficeJet Series 500\bin\ktchnsnk.exe" -reg "Software\Hewlett-Packard\OfficeJet Series 500\Install"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E754EFDE-BD03-4C0B-9432-AF0FC9959D05}: NameServer = 205.171.3.65,205.171.2.65
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe



Looks like quite a few infections.
I used Ad-Aware, Spybot search and destroy, avg, housecall.trendmicro.com, Xsoftspy, spysweeper, and now your programs. Hope this does it. :-) (What a pain)
Senior Member
20. June 2006 @ 06:52
Sorry for the delay, I've been busy :)

@jcogswell

You don't have a firewall on your computer. Download and install one firewall.

These are good (free) firewalls:
ZoneAlarm --> http://www.zonelabs.com
Kerio--> http://www.sunbelt-software.com/Kerio.cfm
Outpost-> http://www.agnitum.com

Ok, you got some infections on your computer....

Cleaning instructions:

Move HijackThis into its own folder C:\HJT

Download and install Ewido anti-malware -> http://www.ewido.net/en/download
Update it, but do NOT run a scan yet. We'll use it later.

Run HijackThis. Press Do a system scan only, then close all other windows, checkmark the following entries and press Fix checked

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

Restart your computer in safe mode and choose your normal user account -> http://www.pchell.com/support/safemode.shtml

When in safe mode, open the SmitfraudFix folder and double-click the file smitfraudfix.cmd
Choose option #2 - Clean by typing 2 and pressing "Enter" in order to remove the infected files.

You are asked: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and pressing "Enter" in order to remove your desktop wallpaper and the infected registry keys.

The tool checks whether the wininet.dll file is infected. You might be asked to replace the infected .dll (if found); answer "Yes" by typing Y and pressing "Enter".

The tool might have to restart your computer; if it doesn't, restart your computer back to normal mode.
A text file will appear after the cleaning process; copy this file and paste it here.

The log is saved to your local disk drive, usually C:\rapport.txt.

Warning: Running option 2 on a clean computer will delete your desktop wallpaper.

Scan and clean your computer with Ewido and save the report.

Post the following logs to here:
-> a fresh HijackThis log
-> Ewido's log
-> contents of C:\Rapport.txt

--------------------------------------------------------------------------------------------------------------

@chook84

Ok, not clean yet.

Remove the old version of smitfraudfix and download the latest version of SmitfraudFix.zip to your desktop -> http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Unzip it (folder named SmitFraudFix) to your desktop.

Restart your computer to the safemode and choose your normal user account -> http://www.pchell.com/support/safemode.shtml

When in safemode, open SmitfraudFix folder and doubleclick the file smitfraudfix.cmd
Choose option #2 - Clean by typing 2 and pressing "Enter" in order to remove the infected files.

You are asked: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove your desktop wallpaper and the infected registry keys.

The tool checks if wininet.dll file is infected. You might be asked to replace the infected .dll (if found); answer "Yes" by typing Y and press "Enter".

The tool might have to restart your computer; if it won't do it, restart your computer back to normal mode.
A textfile will appear after the cleaning process, copy this file and paste it to here.

The log is saved to your local disk drive, usually C:\rapport.txt.

Warning : Running option 2 in a clean computer will delete your desktop wallpaper.

Post a fresh HijackThis log to here too...

--------------------------------------------------------------------------------------------------------------

@Roc2

Ok looks clean now :)

You should update your Java (old version has all kinds of vulnerabilities)
1. Click "Start"-> "Control panel" -> Double-click Java icon (coffee cup)
2. Move to "Update" tab and update Java by clicking "Update Now". After that do a restart.
3. If you can't make automatic update, get new version manually from here -> http://www.java.com/en/download/manual.jsp
4. After updating, uninstall the old Java (if found) from Add/Remove Programs, named as
J2SE Runtime Environment 5.0 Update 6

Now that you're clean, here are some tips how to stay clean.

-> Stand Up and Be Counted, Malware Complaints -> http://www.malwarecomplaints.info
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

-> Clear your system restore -> http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore...
This will clear the system restore folders from possible malware that was left behind during the cleaning process. Remember to create a new restore point after the cleaning.

-> Use CCleaner -> http://www.ccleaner.com
Download and install CCleaner. Clean your registry and temporary files with it regularly.

-> Use Ad-Aware -> http://www.bleepingcomputer.com/forums/?showtutorial=48
Download and install Ad-Aware. Update it and scan your computer regularly with it.

-> Use Ewido -> http://www.ewido.net/en
Download and install Ewido. Update it and scan your computer regularly with it.

-> Install SpywareBlaster -> http://www.javacoolsoftware.com/spywareblaster.html
SpywareBlaster will prevent spyware from being installed to your computer.

-> Install MVPS Hosts file -> http://mvps.org/winhelp2002/hosts.htm
This prevents your computer from connecting to harmful sites.

-> Change your browser to Firefox -> http://www.mozilla.org
Firefox is a faster, safer and quicker browser than Internet Explorer.

-> Keep your system up-to-date -> http://windowsupdate.microsoft.com
Visit Windows Update regularly.

-> Keep your antivirus and firewall up-to-date
Scan your computer regularly with your antivirus.

-> Read this article by TonyKlein -> http://castlecops.com/postlite7736-.html
So how did I get infected in the first place?

Stay clean ;)

I have moved from AD, I won't be taking new HijackThis logs from here. Reason: The AD's Unsupportive atmosphere.

This message has been edited since posting. Last time this message was edited on 20. June 2006 @ 06:52

jcogswell
Newbie
20. June 2006 @ 11:56
Ok followed your instructions and here are the reports you wanted:
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 3:53:43 PM 6/20/2006

+ Scan result:



C:\Documents and Settings\Administrator\Cookies\administrator@data3.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.


::Report end

Logfile of HijackThis v1.99.1
Scan saved at 2:33:58 PM, on 6/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Sunbelt Software\Personal firewall 4\kpf4ss.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\USB Storage RW\shwicon.exe
C:\Program Files\Sunbelt Software\Personal firewall 4\kpf4gui.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\HP DVD\Umbrella\DVDTray.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Common Files\AOL\1140134680\ee\AOLSoftware.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Sunbelt Software\Personal firewall 4\kpf4gui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\HJT\HijackThis_v1.99.1.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [KONICA MINOLTA magicolor 2400W STD] C:\WINDOWS\system32\MSTMON_S.EXE STARTUP
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP DVD\Umbrella\DVDTray.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140134680\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/cl...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/...
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://207.155.242.147/Remote/msrdp.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtool...
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://wealthcounsel.webex.com/client/v_mywebex-t20/support/ieatgpc.cab
O18 - Protocol: g7ps - {9EACF0FB-4FC7-436E-989B-3197142AD979} - C:\Program Files\Common Files\G7PS\Shared Files\G7PSDLL\G7PS.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Sunbelt Kerio Personal firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal firewall 4\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

SmitFraudFix v2.62

Scan done at 14:25:11.68, Tue 06/20/2006
Run from C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{f85e05f5-667e-41b0-ab8a-147337a99e65}"="bloodthirst"

[HKEY_CLASSES_ROOT\CLSID\{f85e05f5-667e-41b0-ab8a-147337a99e65}\InProcServer32]
@="C:\WINDOWS\system32\xuefh.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{f85e05f5-667e-41b0-ab8a-147337a99e65}\InProcServer32]
@="C:\WINDOWS\system32\xuefh.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\hp???.tmp Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\simpole.tlb Deleted
C:\WINDOWS\system32\stdole3.tlb Deleted
C:\WINDOWS\system32\ts.ico Deleted
C:\WINDOWS\system32\1024\ Deleted
C:\DOCUME~1\ALLUSE~1\Desktop\Online Security Guide.url Deleted
C:\DOCUME~1\ADMINI~1\FAVORI~1\Antivirus Test Online.url Deleted
C:\Program Files\Security Toolbar\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\system32\xuefh.dll -> Missing File


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

Am I clean now?

Jenny
Senior Member
21. June 2006 @ 07:15
Hi jcogswell, you're clean now :)

Now that you're clean, here are some tips how to stay clean.

-> Stand Up and Be Counted, Malware Complaints -> http://www.malwarecomplaints.info
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

-> Clear your system restore -> http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore...
This will clear the system restore folders from possible malware that was left behind during the cleaning process. Remember to create a new restore point after the cleaning.

-> Use CCleaner -> http://www.ccleaner.com
Download and install CCleaner. Clean your registry and temporary files with it regularly.

-> Use Ad-Aware -> http://www.bleepingcomputer.com/forums/?showtutorial=48
Download and install Ad-Aware. Update it and scan your computer regularly with it.

-> Use Ewido -> http://www.ewido.net/en
Download and install Ewido. Update it and scan your computer regularly with it.

-> Install SpywareBlaster -> http://www.javacoolsoftware.com/spywareblaster.html
SpywareBlaster will prevent spyware from being installed to your computer.

-> Install MVPS Hosts file -> http://mvps.org/winhelp2002/hosts.htm
This prevents your computer from connecting to harmful sites.

-> Change your browser to Firefox -> http://www.mozilla.org
Firefox is a faster, safer and quicker browser than Internet Explorer.

-> Keep your system up-to-date -> http://windowsupdate.microsoft.com
Visit Windows Update regularly.

-> Keep your antivirus and firewall up-to-date
Scan your computer regularly with your antivirus.

-> Read this article by TonyKlein -> http://castlecops.com/postlite7736-.html
So how did I get infected in the first place?

Stay clean ;)

I have moved from AD, I won't be taking new HijackThis logs from here. Reason: The AD's Unsupportive atmosphere.
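
The before/after comparison that the SmitFraudFix report posted above allows, as an added example (not part of the original thread and not SmitFraudFix's own code): it splits the report into its sections and checks which SharedTaskScheduler entries listed before the fix are still listed afterwards. The function names are hypothetical, and the embedded report is an abbreviated excerpt of the one in the post.

```python
import re

BAR = "\u00bb" * 24  # run of » characters that precedes each section title
# Abbreviated excerpt of the report posted above; values copied from the post.
REPORT = "\n".join([
    BAR + " Before SmitFraudFix",
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]",
    r'"{f85e05f5-667e-41b0-ab8a-147337a99e65}"="bloodthirst"',
    r"[HKEY_CLASSES_ROOT\CLSID\{f85e05f5-667e-41b0-ab8a-147337a99e65}\InProcServer32]",
    r'@="C:\WINDOWS\system32\xuefh.dll"',
    BAR + " Deleting infected files",
    r"C:\WINDOWS\system32\ot.ico Deleted",
    r"C:\Program Files\Security Toolbar\ Deleted",
    BAR + " After SmitFraudFix",
    "!!!Attention, following keys are not inevitably infected!!!",
    BAR + " End",
])

SECTION = re.compile("^\u00bb{5,}\\s*(.+?)\\s*$")
KEY = re.compile(r"^\[(.+)\]$")
STS_VALUE = re.compile(r'^"(\{[0-9A-Fa-f-]{36}\})"="(.*)"$')
DEFAULT_VALUE = re.compile(r'^@="(.+)"$')

def split_sections(report):  # non-empty lines grouped under the preceding section title
    sections, name = {}, None
    for line in (l.strip() for l in report.splitlines()):
        m = SECTION.match(line)
        if m:
            name = m.group(1)
            sections[name] = []
        elif name is not None and line:
            sections[name].append(line)
    return sections

def sts_entries(lines):  # {clsid: {"name", "dll"}} for SharedTaskScheduler values
    entries, key = {}, ""
    for line in lines:
        k, v, d = KEY.match(line), STS_VALUE.match(line), DEFAULT_VALUE.match(line)
        if k:
            key = k.group(1).lower()
        elif v and key.endswith("sharedtaskscheduler"):
            entries[v.group(1).lower()] = {"name": v.group(2), "dll": None}
        elif d:
            for clsid in [c for c in entries if c in key]:
                entries[clsid]["dll"] = d.group(1)  # DLL registered for that CLSID
    return entries

def summarize(report):
    s = split_sections(report)
    before = sts_entries(s.get("Before SmitFraudFix", []))
    after = sts_entries(s.get("After SmitFraudFix", []))
    return {
        # A report cut off before "After"/"End" says nothing about the result.
        "complete": "After SmitFraudFix" in s and "End" in s,
        "before": before,
        "remaining": after,
        "removed": sorted(set(before) - set(after)),
        "deleted_files": [l.rsplit(" ", 1)[0] for l in s.get("Deleting infected files", []) if l.endswith(" Deleted")],
    }
```

An empty `remaining` only counts when `complete` is true; a truncated paste gives an empty "After" section as well.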
 