Need help removing w32.myzor.fk@yf virus

Advertise at AfterDawn.com

Link to us!

Private messages

Compose a private message

List of all updated threads

Threads without replies

Search messages

Tuesday 26.8.2025 / 18:30

Search AfterDawn Forums:

afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > need help removing w32.myzor.fk@yf virus

Browse by topic

Forums

Start a new thread

Need help removing w32.myzor.fk@yf virus

Jump to:

Posted

Message

sculptor6

Newbie

17. August 2006 @ 06:05

Link to this message

I've read a couple posts on trying to get rid of this one. I've done the virus scans. One listed it as win32/spax!generic but reading through the help on that site it said it was likely win32/beovens. Below is the HijackThis file...

Logfile of HijackThis v1.99.1
Scan saved at 7:48:03 AM, on 8/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\IntCodec\isamonitor.exe
C:\Program Files\IntCodec\isamini.exe
C:\Program Files\IntCodec\pmsngr.exe
C:\Program Files\IntCodec\pmmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1da7dbe8-c51b-4ae4-bc6e-21863349b0b4} - C:\Program Files\IntCodec\isaddon.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Protection Bar - {a2595f37-48d0-46a1-9b51-478591a97764} - C:\Program Files\IntCodec\iesplugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PowerMenu] "%systemroot%\system32\powermenu.exe" -hideself on
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb001YYCA_ZBzeb032YYCA
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/insaniquar...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - C:\WINDOWS\system32\viruxz.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

[ + quote]

maca1

Senior Member

17. August 2006 @ 06:18

Link to this message

go to add/remove programs and remove the following if there

Wild Tangent

Intcodec

mywebsearch

Download the pocket killbox

http://www.bleepingcomputer.com/files/killbox.php

download ewido

http://www.ewido.net/en/

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Click here to download ATF Cleaner by Atribune and save it to your desktop.

http://majorgeeks.com/ATF_Cleaner_d4949.html

* Double-click ATF-Cleaner.exe to run the program.
* Under Main choose: Select All
* Click the Empty Selected button.
o If you use Firefox:
+ Click Firefox at the top and choose: Select All
+ Click the Empty Selected button.
+ NOTE: If you would like to keep your saved passwords, please click No at the prompt.
o If you use Opera:
+ Click Opera at the top and choose: Select All
+ Click the Empty Selected button.
+ NOTE: If you would like to keep your saved passwords, please click No at the prompt.
* Click Exit on the Main menu to close the program.

* Click here for info on how to boot to safe mode if you don't already know
how.

http://service1.symantec.com/SUPPORT...rc=sec_doc_nam

* Now copy these instructions to notepad and save them to your desktop. You
will need them to refer to in safe mode.

* Restart your computer into safe mode now. Perform the following steps in
safe mode:

have hijack this fix these entries. close all browsers and programmes before
clicking FIX.

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: (no name) - {1da7dbe8-c51b-4ae4-bc6e-21863349b0b4} - C:\Program Files\IntCodec\isaddon.dll
O3 - Toolbar: Protection Bar - {a2595f37-48d0-46a1-9b51-478591a97764} - C:\Program Files\IntCodec\iesplugin.dll
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - C:\WINDOWS\system32\viruxz.dll

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confimation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

Note: It is possible that Killbox will tell you that one or more files do not
exist. If that happens, just continue on with all the files. Be sure you
don't miss any.

C:\Program Files\IntCodec\isamonitor.exe
C:\Program Files\IntCodec\isamini.exe
C:\Program Files\IntCodec\pmsngr.exe
C:\Program Files\IntCodec\pmmon.exe
C:\Program Files\IntCodec
C:\WINDOWS\system32\viruxz.dll
C:\PROGRA~1\MYWEBS~1

Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.

The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning: running option #2 on a non infected computer will remove your Desktop background.

Run Ewido!

# IMPORTANT: Do not open any other windows or programs while Ewido is scanning as it may interfere with the scanning process:
# Launch Ewido Anti-spyware by double-clicking the icon on your desktop.
# Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
# Ewido will now begin the scanning process. Be patient this may take a little time.
Once the scan is complete do the following:
# If you have any infections you will prompted, set everything to quarantine then select "Apply all actions"
# Next select the "Reports" icon at the top.
# Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
# Close Ewido and reboot your system back into Normal Mode.

post another hijack this log, the ewido, smitfraud log

[ + quote]

This message has been edited since posting. Last time this message was edited on 17. August 2006 @ 06:38

sculptor6

Newbie

17. August 2006 @ 18:17

Link to this message

Thanks maca1 for the fast reply. I followed the directions as close as I could. One question I have is, does it matter if I executed all your directions as adminstrator? I couldn't figure out for the life of me how to sign on as the administrator in XP. I only found it in the safe mode as a choice... anyway. Here are the reports as requested.

Logfile of HijackThis v1.99.1
Scan saved at 7:04:24 PM, on 8/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Monica.LORRIN-Z3VR74T8\Desktop\HijackThis_v1.99.1.exe

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1da7dbe8-c51b-4ae4-bc6e-21863349b0b4} - C:\Program Files\IntCodec\isaddon.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Protection Bar - {a2595f37-48d0-46a1-9b51-478591a97764} - C:\Program Files\IntCodec\iesplugin.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PowerMenu] "%systemroot%\system32\powermenu.exe" -hideself on
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/insaniquar...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - C:\WINDOWS\system32\viruxz.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:06:53 PM 8/17/2006

+ Scan result:

HKLM\SOFTWARE\Altnet -> Adware.Altnet : Error during cleaning.
HKLM\SOFTWARE\Altnet\Dashboard -> Adware.Altnet : Error during cleaning.
HKLM\SOFTWARE\Altnet\Dashboard\Settings -> Adware.Altnet : Error during cleaning.
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Multimpp -> Adware.BetterInternet : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_1 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_1\Seqn_2540 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_2 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_2\Seqn_2539 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_2\Seqn_2542 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_3 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_3\Seqn_2538 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_3\Seqn_2541 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_4 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_4\Seqn_2523 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_4\Seqn_2524 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_4\Seqn_2526 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_4\Seqn_2530 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_4\Seqn_2531 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_4\Seqn_2543 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_4\Seqn_2544 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_4\Seqn_3165 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_4\Seqn_3166 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_4\Seqn_3167 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_4\Seqn_3168 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_4\Seqn_3169 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_4\Seqn_3170 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_4\Seqn_3171 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_4\Seqn_3218 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_4\Seqn_3224 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_4\Seqn_3225 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_4\Seqn_3235 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_4\Seqn_3251 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_4\Seqn_3252 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_4\Seqn_3253 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_4\Seqn_3442 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_4\Seqn_3443 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_4\Seqn_3444 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_2 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_3 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_4 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_4\Seqn_2307 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_4\Seqn_2309 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_4\Seqn_2311 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_4\Seqn_2312 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_4\Seqn_2313 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_4\Seqn_2882 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_4\Seqn_3221 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_4\Seqn_3222 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_1 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_1\Seqn_2540 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_2 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_2\Seqn_2539 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_2\Seqn_2542 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_3 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_3\Seqn_2538 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_3\Seqn_2541 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_4 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_4\Seqn_2523 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_4\Seqn_2524 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_4\Seqn_2530 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_4\Seqn_2531 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_4\Seqn_2543 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_4\Seqn_2544 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_4\Seqn_3165 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_4\Seqn_3166 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_4\Seqn_3167 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_4\Seqn_3168 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_4\Seqn_3169 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_4\Seqn_3170 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_4\Seqn_3171 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_4\Seqn_3218 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_4\Seqn_3224 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_4\Seqn_3225 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_4\Seqn_3239 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_4\Seqn_3251 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_4\Seqn_3252 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_4\Seqn_3253 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_4\Seqn_3442 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_4\Seqn_3443 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_4\Seqn_3444 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_1 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_1\Seqn_2540 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_2 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_2\Seqn_2539 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_2\Seqn_2542 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_3 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_3\Seqn_2538 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_3\Seqn_2541 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_4 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_4\Seqn_2523 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_4\Seqn_2524 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_4\Seqn_2530 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_4\Seqn_2531 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_4\Seqn_2543 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_4\Seqn_2544 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_4\Seqn_3165 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_4\Seqn_3166 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_4\Seqn_3167 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_4\Seqn_3168 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_4\Seqn_3169 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_4\Seqn_3170 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_4\Seqn_3171 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_4\Seqn_3218 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_4\Seqn_3224 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_4\Seqn_3225 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_4\Seqn_3240 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_4\Seqn_3251 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_4\Seqn_3252 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_4\Seqn_3253 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_4\Seqn_3442 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_4\Seqn_3443 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_4\Seqn_3444 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_0 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_0\Seqn_2909 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_1 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_3557 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_3558 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_3559 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_4 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_4\Seqn_3220 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_4\Seqn_3254 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_4\Seqn_3255 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_4\Seqn_3256 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Services -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Services\Queue -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Kazaa\Promotions\Cydoor\Adwr_329\Services\Status -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1DA7DBE8-C51B-4AE4-BC6E-21863349B0B4} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A2595F37-48D0-46A1-9B51-478591A97764} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1DA7DBE8-C51B-4AE4-BC6E-21863349B0B4} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A2595F37-48D0-46A1-9B51-478591A97764} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 -> Adware.IntCodec : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On -> Adware.IntCodec : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 -> Adware.IntCodec : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1303643608-839522115-1008\Software\Internet Security -> Adware.IntCodec : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Sandlot Shared\slghex.dll -> Adware.SpywareStorm : Cleaned with backup (quarantined).
C:\Downloads\CakeManiaSetup-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned.
C:\Documents and Settings\Lorrin.LORRIN-Z3VR74T8\Cookies\lorrin@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Monica.LORRIN-Z3VR74T8\Cookies\monica@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Monica.LORRIN-Z3VR74T8\Cookies\monica@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Leah.LORRIN-Z3VR74T8\Cookies\leah@need2find[1].txt -> TrackingCookie.Need2find : Cleaned.
C:\Documents and Settings\Leah.LORRIN-Z3VR74T8\Cookies\leah@starware[2].txt -> TrackingCookie.Starware : Cleaned.
C:\RECYCLER\NPROTECT\00015890.TXT -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\RECYCLER\NPROTECT\00014559.TXT -> TrackingCookie.Zedo : Cleaned.
C:\RECYCLER\NPROTECT\00014560.TXT -> TrackingCookie.Zedo : Cleaned.
C:\RECYCLER\NPROTECT\00014561.TXT -> TrackingCookie.Zedo : Cleaned.
C:\RECYCLER\NPROTECT\00014562.TXT -> TrackingCookie.Zedo : Cleaned.
C:\RECYCLER\NPROTECT\00014563.TXT -> TrackingCookie.Zedo : Cleaned.
C:\RECYCLER\NPROTECT\00014564.TXT -> TrackingCookie.Zedo : Cleaned.
C:\RECYCLER\NPROTECT\00014565.TXT -> TrackingCookie.Zedo : Cleaned.
C:\RECYCLER\NPROTECT\00014566.TXT -> TrackingCookie.Zedo : Cleaned.
C:\RECYCLER\NPROTECT\00014567.TXT -> TrackingCookie.Zedo : Cleaned.
C:\RECYCLER\NPROTECT\00014568.TXT -> TrackingCookie.Zedo : Cleaned.
C:\RECYCLER\NPROTECT\00014569.TXT -> TrackingCookie.Zedo : Cleaned.
C:\RECYCLER\NPROTECT\00014570.TXT -> TrackingCookie.Zedo : Cleaned.
C:\RECYCLER\NPROTECT\00014571.TXT -> TrackingCookie.Zedo : Cleaned.
C:\RECYCLER\NPROTECT\00014572.TXT -> TrackingCookie.Zedo : Cleaned.
C:\RECYCLER\NPROTECT\00014573.TXT -> TrackingCookie.Zedo : Cleaned.
C:\RECYCLER\NPROTECT\00014574.TXT -> TrackingCookie.Zedo : Cleaned.
C:\RECYCLER\NPROTECT\00014575.TXT -> TrackingCookie.Zedo : Cleaned.

::Report end

SmitFraudFix v2.81

Scan done at 19:13:07.90, Thu 08/17/2006
Run from C:\Documents and Settings\Monica.LORRIN-Z3VR74T8\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"bestreak"="{874443fe-aa33-4ebf-a6ac-73208787e62d}"

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
C:\Program Files\IntCodec\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

[ + quote]

maca1

Senior Member

18. August 2006 @ 03:46

Link to this message

No it shouldn't matter.

run HijackThis and click Do a system scan only

Place a check beside the following:

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)

O2 - BHO: (no name) - {1da7dbe8-c51b-4ae4-bc6e-21863349b0b4} - C:\Program Files\IntCodec\isaddon.dll (file missing)

O3 - Toolbar: Protection Bar - {a2595f37-48d0-46a1-9b51-478591a97764} - C:\Program Files\IntCodec\iesplugin.dll (file missing)

O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - C:\WINDOWS\system32\viruxz.dll (file missing)

Make sure all other windows are closed and click Fix Checked

click here to download

Java Runtime Environment (JRE) 5.0 Update 8

http://java.sun.com/javase/downloads/index.jsp

go to add/remove programs and remove all previous versions of java and install the new version.

post new HijackThis log

[ + quote]

sculptor6

Newbie

18. August 2006 @ 08:17

Link to this message

I finished all as requested. One question I have two different java products still on the add/remove list. They looked different than all the other ones I removed. They are listed as:
Java 2 Runtime Environment, SE v1.4.2_05
Java 2 Runtime Environment, SE v1.4.2_06

Should I remove these two as well?

When I tried removing the J2SE environment 5 update 4 it said something about removing w32.myzor.fk@yf first. I had to choose ignore to be able to remove that version of java.

Here is the HijackThis file:

Logfile of HijackThis v1.99.1
Scan saved at 10:11:59 AM, on 8/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PowerMenu] "%systemroot%\system32\powermenu.exe" -hideself on
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb001YYCA_ZBzeb032YYCA
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/insaniquar...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

[ + quote]

maca1

Senior Member

18. August 2006 @ 10:10

Link to this message

yes, remove them

check and fix this with HjT

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb001YYCA_ZBzeb032YYCA

use atf cleaner again then
Run ActiveScan online virus scan:
http://www.pandasoftware.com/products/activescan.htm
When the scan is finished, save the results from the scan!

Come back here and post a new Hijack This log along with the log from Panda scan.

[ + quote]

sculptor6

Newbie

18. August 2006 @ 21:39

Link to this message

Here is the results of the panda scan and the HijackThis...

Incident Status Location

Potentially unwanted tool:application/bestoffer Not disinfected c:\windows\smdat32a.sys
Potentially unwanted tool:application/funweb Not disinfected c:\program files\FunWebProducts
Potentially unwanted tool:application/mywebsearch Not disinfected c:\program files\MyWebSearch
Potentially unwanted tool:application/altnet Not disinfected hkey_local_machine\software\Altnet
Adware:adware/rxtoolbar not disinfected Windows Registry
Adware:adware/wupd Not disinfected Windows Registry
Adware:adware/intcodec Not disinfected Windows Registry
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Leah.LORRIN-Z3VR74T8\Cookies\leah@belnk[1].txt
Spyware:Cookie/Kazaa Networks Not disinfected C:\Documents and Settings\Leah.LORRIN-Z3VR74T8\Cookies\leah@desktop.kazaa[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Leah.LORRIN-Z3VR74T8\Cookies\leah@dist.belnk[2].txt
Spyware:Cookie/Kount Not disinfected C:\Documents and Settings\Leah.LORRIN-Z3VR74T8\Cookies\leah@kount[1].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Leah.LORRIN-Z3VR74T8\Cookies\leah@rn11[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Leah.LORRIN-Z3VR74T8\Cookies\leah@searchportal.information[1].txt
Adware:Adware/FlashTrack Not disinfected C:\Documents and Settings\Leah.LORRIN-Z3VR74T8\Local Settings\Temporary Internet Files\Content.IE5\NWXTB4CK\channels_02[1].gif
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Lorrin.LORRIN-Z3VR74T8\Cookies\lorrin@doubleclick[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Lorrin.LORRIN-Z3VR74T8\Cookies\lorrin@mediaplex[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Lorrin.LORRIN-Z3VR74T8\Desktop\SmitfraudFix\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Lorrin.LORRIN-Z3VR74T8\Desktop\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Monica.LORRIN-Z3VR74T8\Desktop\SmitfraudFix\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Monica.LORRIN-Z3VR74T8\Desktop\SmitfraudFix.zip[SmitfraudFix/Process.exe] Logfile of HijackThis v1.99.1
Scan saved at 11:35:45 PM, on 8/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PowerMenu] "%systemroot%\system32\powermenu.exe" -hideself on
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/insaniquar...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

[ + quote]

maca1

Senior Member

19. August 2006 @ 04:10

Link to this message

you may want to copy these instrcutions as youll be going in to safe mode soon.

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confimation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

Note: It is possible that Killbox will tell you that one or more files do not
exist. If that happens, just continue on with all the files. Be sure you
don't miss any.

c:\windows\smdat32a.sys

c:\program files\FunWebProducts

c:\program files\MyWebSearch

C:\Documents and Settings\Leah.LORRIN-Z3VR74T8\Local Settings\Temporary Internet Files\Content.IE5\NWXTB4CK

post another log

[ + quote]

sculptor6

Newbie

21. August 2006 @ 17:21

Link to this message

When I used killbox to delete the files you suggested they were all there as opposed to last time when not one of the files was present. I don't know if that makes any difference...

Here are the latest scan files.

Panda...

Incident Status Location

Potentially unwanted tool:application/bestoffer Not disinfected c:\windows\smdat32m.sys
Potentially unwanted tool:application/mywebsearch Not disinfected hkey_local_machine\software\microsoft\windows\currentversion\uninstall\MyWebSearch bar Uninstall
Potentially unwanted tool:application/altnet Not disinfected hkey_local_machine\software\Altnet
Potentially unwanted tool:application/funweb Not disinfected hkey_local_machine\software\Fun Web Products
Adware:adware/rxtoolbar Not disinfected Windows Registry
Adware:adware/wupd Not disinfected Windows Registry
Adware:adware/intcodec Not disinfected Windows Registry
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\!KillBox\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\!KillBox\MyWebSearch\bar\Game\CHECKERS.F3S
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\!KillBox\MyWebSearch\bar\Game\CHESS.F3S
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\!KillBox\MyWebSearch\bar\Game\REVERSI.F3S
Adware:Adware/FlashTrack Not disinfected C:\!KillBox\NWXTB4CK\channels_02[1].gif
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Leah.LORRIN-Z3VR74T8\Cookies\leah@belnk[1].txt
Spyware:Cookie/Kazaa Networks Not disinfected C:\Documents and Settings\Leah.LORRIN-Z3VR74T8\Cookies\leah@desktop.kazaa[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Leah.LORRIN-Z3VR74T8\Cookies\leah@dist.belnk[2].txt
Spyware:Cookie/Kount Not disinfected C:\Documents and Settings\Leah.LORRIN-Z3VR74T8\Cookies\leah@kount[1].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Leah.LORRIN-Z3VR74T8\Cookies\leah@rn11[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Leah.LORRIN-Z3VR74T8\Cookies\leah@searchportal.information[1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Lorrin.LORRIN-Z3VR74T8\Cookies\lorrin@2o7[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Lorrin.LORRIN-Z3VR74T8\Cookies\lorrin@ad.yieldmanager[2].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Lorrin.LORRIN-Z3VR74T8\Cookies\lorrin@ads.addynamix[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Lorrin.LORRIN-Z3VR74T8\Cookies\lorrin@ads.pointroll[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Lorrin.LORRIN-Z3VR74T8\Cookies\lorrin@atdmt[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Lorrin.LORRIN-Z3VR74T8\Cookies\lorrin@burstnet[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Lorrin.LORRIN-Z3VR74T8\Cookies\lorrin@casalemedia[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Lorrin.LORRIN-Z3VR74T8\Cookies\lorrin@doubleclick[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Lorrin.LORRIN-Z3VR74T8\Cookies\lorrin@go[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Lorrin.LORRIN-Z3VR74T8\Cookies\lorrin@hitbox[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Lorrin.LORRIN-Z3VR74T8\Cookies\lorrin@mediaplex[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Lorrin.LORRIN-Z3VR74T8\Cookies\lorrin@perf.overture[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Lorrin.LORRIN-Z3VR74T8\Cookies\lorrin@tribalfusion[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Lorrin.LORRIN-Z3VR74T8\Cookies\lorrin@www.burstbeacon[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Lorrin.LORRIN-Z3VR74T8\Desktop\SmitfraudFix\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Lorrin.LORRIN-Z3VR74T8\Desktop\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Monica.LORRIN-Z3VR74T8\Desktop\SmitfraudFix\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Monica.LORRIN-Z3VR74T8\Desktop\SmitfraudFix.zip[SmitfraudFix/Process.exe] hijack this

Logfile of HijackThis v1.99.1
Scan saved at 12:43:02 PM, on 8/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PowerMenu] "%systemroot%\system32\powermenu.exe" -hideself on
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/insaniquar...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

[ + quote]

Start a new thread

afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > need help removing w32.myzor.fk@yf virus


		User name	Password

		Not registered yet? Register here. Lost your password? Click here.