Spyware troubles - please help
tongkaiyi
Newbie
1. May 2006 @ 11:47
Well, when playing, the 'Windows Task Manager' was running and it reported that the CPU was working at 100% most of the time. If the computer's not working the best it can, could that cause the game to not play at its best? It also seems like the game is working less and less than what it could too :( However... most other things like the computer itself are working okay. Did that help? ;P
__
Senior Member
1. May 2006 @ 11:57
Yes, there is something that uses too many resources.

Download and install Ewido, UPDATE it, but do NOT run a scan yet. -> http://www.ewido.net/en/download/

Boot the computer into safe mode:
http://www.pchell.com/support/safemode.shtml

Launch Ewido and set "scan every file" in the settings.
Run a complete system scan with Ewido and save the report.

Boot normally and send Ewido's report.


Well, there aren't any spammers like that after all -> tapiiri

http://www.virustorjunta.net/index.php
tongkaiyi
Newbie
1. May 2006 @ 12:17
Okay, I'll do that now :o
tongkaiyi
Newbie
1. May 2006 @ 13:27
On second thought, I'll wait until tomorrow to do the scan and report, got to 37% and got bored... ;P But there were 50+ 'Threats' on my computer up to that point 0_o

By the way, it seems my computer is acting slower... I think, might just be thinking it, it's 10:30 PM and I ain't had much sleep lately ;P

This message has been edited since posting. Last time this message was edited on 1. May 2006 @ 13:28

UO777
Newbie
1. May 2006 @ 23:09
Alright, hello everyone, I have a problem and I would appreciate it if you can give me some tips. I have this little thingy red icon on my task bar that says I'm infected with a virus, and a yellow triangle with an exclamation point on it. I have seen that everyone is posting their "HijackThis" log files, so I'll post mine, hope everyone can help me out here :)

Logfile of HijackThis v1.99.1
Scan saved at 12:59:18 AM, on 5/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\atmclk.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\COMMON~1\MBOLS~1\msdtc.exe
C:\Program Files\?dobe\?xplorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\JUANSI~1\LOCALS~1\Temp\Rar$EX00.963\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,hmcyhcu.exe
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hpD9ED.tmp
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [Cdso] "C:\PROGRA~1\COMMON~1\MBOLS~1\msdtc.exe" -vt mt
O4 - HKCU\..\Run: [Kgytm] C:\Program Files\?dobe\?xplorer.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [zuof] C:\PROGRA~1\COMMON~1\zuof\zuofm.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - (no file)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - (no file)
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winvew32 - C:\WINDOWS\SYSTEM32\winvew32.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: KJEVYEZDBLM - Sysinternals - www.sysinternals.com - C:\DOCUME~1\JUANSI~1\LOCALS~1\Temp\KJEVYEZDBLM.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Alright, that was it...
Any suggestions?

No kidding dude!! , im trying to be a Sound and Music Engineer :)
-kemisti-
AfterDawn Addict
1. May 2006 @ 23:17
@UO777:

Download SmitfraudFix.zip to your desktop -> http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Unzip it (folder named SmitFraudFix) to your desktop:

Open the folder SmitfraudFix and doubleclick smitfraudfix.cmd
Choose option #1 - Search by typing 1 and pressing "Enter"; a textfile opens and lists the infected files (if those exist)

Post the contents of this textfile here.

(Some antivirus programs recognise process.exe as malware. It is not malware, it is a program that stops processes.)
UO777
Newbie
1. May 2006 @ 23:23
Alright, the scan log file shows me this:

SmitFraudFix v2.37

Scan done at 1:21:25.64, Tue 05/02/2006
Run from C:\Documents and Settings\Juan Sierra\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\atmclk.exe FOUND !
C:\WINDOWS\system32\dcomcfg.exe FOUND !
C:\WINDOWS\system32\hp????.tmp FOUND !
C:\WINDOWS\system32\ld????.tmp FOUND !
C:\WINDOWS\system32\simpole.tlb FOUND !
C:\WINDOWS\system32\stdole3.tlb FOUND !
C:\WINDOWS\system32\twain32.dll FOUND !
C:\WINDOWS\system32\1024\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Juan Sierra\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!! Attention, follow keys are not inevitably infected !!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{CA14EE13-ED15-C4A2-17FF-DA4D15C1BC5E}"="Twain"

[HKEY_CLASSES_ROOT\CLSID\{CA14EE13-ED15-C4A2-17FF-DA4D15C1BC5E}\InProcServer32]
@="C:\WINDOWS\system32\twain32.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{CA14EE13-ED15-C4A2-17FF-DA4D15C1BC5E}\InProcServer32]
@="C:\WINDOWS\system32\twain32.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


-kemisti-
AfterDawn Addict
1. May 2006 @ 23:32
* Move HjT into its own folder -> C:\hjt
* Open HjT, click "Do a system scan only", checkmark these and press "Fix checked":


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R3 - Default URLSearchHook is missing
O4 - HKCU\..\Run: [Cdso] "C:\PROGRA~1\COMMON~1\MBOLS~1\msdtc.exe" -vt mt
O4 - HKCU\..\Run: [Kgytm] C:\Program Files\?dobe\?xplorer.exe
O4 - HKCU\..\Run: [zuof] C:\PROGRA~1\COMMON~1\zuof\zuofm.exe
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - (no file)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - (no file)
O20 - Winlogon Notify: winvew32 - C:\WINDOWS\SYSTEM32\winvew32.dll


Do you have any idea what this is?

O23 - Service: KJEVYEZDBLM - Sysinternals - www.sysinternals.com - C:\DOCUME~1\JUANSI~1\LOCALS~1\Temp\KJEVYEZDBLM.exe

If not, fix it too.

* Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
* Delete these:
C:\PROGRA~1\COMMON~1\MBOLS~1
C:\Program Files\?dobe (? = unknown character, might be A)
C:\PROGRA~1\COMMON~1\zuof
C:\WINDOWS\SYSTEM32\winvew32.dll
(C:\DOCUME~1\JUANSI~1\LOCALS~1\Temp\KJEVYEZDBLM.exe)

* Double-click smitfraudfix.cmd
* Select 2 and hit Enter to delete infected files.
* You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
* The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
* A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt

Reboot, send a fresh HjT log and contents of C:\rapport.txt

This message has been edited since posting. Last time this message was edited on 1. May 2006 @ 23:33

UO777
Newbie
1. May 2006 @ 23:52
Alright, so I did what you told me to and I think the problem was fixed because I didn't have the icons on the task bar, but still, the HijackThis log goes:

Logfile of HijackThis v1.99.1
Scan saved at 1:49:40 AM, on 5/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Juan Sierra\Desktop\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,hmcyhcu.exe
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winvew32 - C:\WINDOWS\SYSTEM32\winvew32.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe



and the Rapport :

SmitFraudFix v2.37

Scan done at 1:45:27.19, Tue 05/02/2006
Run from C:\Documents and Settings\Juan Sierra\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\atmclk.exe Deleted
C:\WINDOWS\system32\dcomcfg.exe Deleted
C:\WINDOWS\system32\hp????.tmp Deleted
C:\WINDOWS\system32\ld????.tmp Deleted
C:\WINDOWS\system32\simpole.tlb Deleted
C:\WINDOWS\system32\stdole3.tlb Deleted
C:\WINDOWS\system32\twain32.dll Deleted
C:\WINDOWS\system32\1024\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» End


Fixed? Any other spyware that I have to remove?

-kemisti-
AfterDawn Addict
1. May 2006 @ 23:58
Yep, two more left.

Download KillBox

http://www.bleepingcomputer.com/files/spyware/KillBox.zip

Unzip, open and select Delete on Reboot
Then copy the line below

C:\WINDOWS\SYSTEM32\winvew32.dll

Click File > Paste from Clipboard
Press Delete (red circle with white X)
Answer yes to any questions and if computer doesn't reboot, reboot it by yourself.

Download Blacklight and save it to your desktop: http://www.f-secure.com/blacklight/try.shtml
Double-click blbeta.exe, accept the agreement, click > Scan, then > Next

You'll see a list. There will be a log on your desktop named fsbl.xxxxxxx.log (xxxxxxx = random numbers).

Copy and paste that list to your next reply along with a fresh HjT log.
UO777
Newbie
2. May 2006 @ 00:12
Alright, so, the HijackThis log goes:

Logfile of HijackThis v1.99.1
Scan saved at 2:08:01 AM, on 5/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Juan Sierra\Desktop\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,hmcyhcu.exe
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winvew32 - winvew32.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


and the fsbl list :

05/02/06 02:05:21 [Info]: BlackLight Engine 1.0.36 initialized
05/02/06 02:05:21 [Info]: OS: 5.1 build 2600 (Service Pack 2)
05/02/06 02:05:24 [Note]: 7019 4
05/02/06 02:05:24 [Note]: 7005 0
05/02/06 02:05:30 [Note]: 7006 0
05/02/06 02:05:30 [Note]: 7011 1472
05/02/06 02:05:30 [Note]: 7026 0
05/02/06 02:05:31 [Note]: 7026 0
05/02/06 02:05:42 [Note]: FSRAW library version 1.7.1015
05/02/06 02:07:28 [Note]: 2000 1006
05/02/06 02:07:49 [Note]: 7007 0


I also used to have a problem where a lot of pop-ups were opened, with some freaky faces and stuff, some others asking me to install desktop bars, and they tend to drag icons to the desktop. Any idea of what that is? Or are they just deleted in all these thingies that I have done by your instructions...?

-kemisti-
AfterDawn Addict
2. May 2006 @ 00:17
Ok.

First try to find this file:

hmcyhcu.exe (use the Find function -> all files and folders -> options and select the three upper ones)

Delete it if found.

Fix these lines:

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,hmcyhcu.exe
O20 - Winlogon Notify: winvew32 - winvew32.dll (file missing)


Reboot and send a fresh HjT log.

Yes, those were related to eg. PurityScan that you had on your computer.
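
The kinds of entries picked out in the two "fix these" lists above (the extra program after userinit.exe, the service running from Temp, the '?' path, the Winlogon Notify DLL, the "(no file)" buttons) can be written as rules over HijackThis log lines. The Python below is an added example, not code from this thread or from HijackThis; the rules, names and reason strings are assumptions for illustration, and the sample lines are copied from the log posted earlier in the thread.

```python
import re
from typing import List, NamedTuple, Optional

# Sample lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,hmcyhcu.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [Kgytm] C:\Program Files\?dobe\?xplorer.exe
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O20 - Winlogon Notify: winvew32 - C:\WINDOWS\SYSTEM32\winvew32.dll
O23 - Service: KJEVYEZDBLM - Sysinternals - www.sysinternals.com - C:\DOCUME~1\JUANSI~1\LOCALS~1\Temp\KJEVYEZDBLM.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # e.g. "O23 - Service: ..."
PATH_RE = re.compile(r"[A-Za-z]:\\.*")              # first drive-letter path to end of line
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")
AUTOSTART_CODES = {"O4", "O20", "O23"}              # entries that start code automatically


class Finding(NamedTuple):
    code: str            # HijackThis section code, e.g. "O4"
    reasons: List[str]   # why the line deserves a closer look
    line: str            # the original log line


def userinit_extras(body: str) -> List[str]:
    """Return every program in a UserInit value other than userinit.exe itself."""
    _, _, value = body.partition("UserInit=")
    parts = [p.strip() for p in value.split(",") if p.strip()]
    return [
        p for p in parts
        if not (p.lower() == "userinit.exe"
                or p.lower().endswith("\\system32\\userinit.exe"))
    ]


def check_line(line: str) -> Optional[Finding]:
    """Apply the illustrative rules to one log line; None means nothing matched."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if not m:
        return None
    code, body = m.groups()
    reasons: List[str] = []

    # Rule 1: anything chained after userinit.exe runs at every logon.
    if code == "F2" and "UserInit=" in body:
        extras = userinit_extras(body)
        if extras:
            reasons.append("UserInit chains extra program: " + ", ".join(extras))

    pm = PATH_RE.search(body)
    path = pm.group(0) if pm else ""

    # Rule 2: '?' cannot appear in a Windows file name, so in a log it marks a
    # character the log could not render (a possible lookalike folder name).
    if "?" in path:
        reasons.append("path has a character the log could not render ('?')")

    # Rule 3: services and Run entries normally do not point into Temp.
    if code in AUTOSTART_CODES and "\\temp\\" in path.lower():
        reasons.append("autostart target lives in a Temp directory")

    # Rule 4: Winlogon Notify DLLs are loaded by winlogon.exe; review each one.
    if code == "O20":
        reasons.append("Winlogon Notify DLL: confirm it belongs to installed software")

    # Rule 5: the entry survives but its file is gone (leftover or half-removed).
    if ORPHAN_RE.search(body):
        reasons.append("orphaned entry: target file is absent")

    return Finding(code, reasons, line) if reasons else None


def triage(log_text: str) -> List[Finding]:
    """Return a Finding for every log line that matched at least one rule."""
    results = []
    for raw in log_text.splitlines():
        finding = check_line(raw)
        if finding is not None:
            results.append(finding)
    return results


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.code, "|", "; ".join(f.reasons))
        print("   ", f.line)
```

Rules like these only narrow down what to review: the randomly named zuof entry flagged by hand in this thread matches none of them, and an orphaned entry such as the FlashGet button is usually a harmless leftover.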
UO777
Newbie
2. May 2006 @ 00:25
Alright, here's the Hijack log scan:

Logfile of HijackThis v1.99.1
Scan saved at 2:22:55 AM, on 5/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Documents and Settings\Juan Sierra\Desktop\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Still having threats?

No kidding dude!! , im trying to be a Sound and Music Engineer :)
-kemisti-
AfterDawn Addict
2. May 2006 @ 02:16
@UO777: It's clean now :)
tongkaiyi
Newbie
2. May 2006 @ 06:39
Here's my report, tapiiri, there were 110 'threats'...

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 15:35:31, 02/05/2006
+ Report-Checksum: 36E5293E

+ Scan result:

HKLM\SOFTWARE\Classes\BHO.Adware -> Adware.Ezula : Ignored
HKLM\SOFTWARE\Classes\BHO.Adware\CLSID -> Adware.Ezula : Ignored
HKLM\SOFTWARE\Classes\BHO.Adware\CurVer -> Adware.Ezula : Ignored
HKLM\SOFTWARE\Classes\BHO.Hider -> Adware.Ezula : Ignored
HKLM\SOFTWARE\Classes\BHO.Hider\CLSID -> Adware.Ezula : Ignored
HKLM\SOFTWARE\Classes\BHO.Hider.1 -> Adware.Ezula : Ignored
HKLM\SOFTWARE\Microsoft\Netstat -> Adware.Ezula : Ignored
HKLM\SOFTWARE\Microsoft\Webext -> Adware.Ezula : Ignored
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Netsync -> Adware.Begin2Search : Ignored
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\RsyncMon -> Adware.Begin2Search : Ignored
HKU\S-1-5-21-1791350346-3469428471-2945269328-1015\Software\Bolger -> Adware.VX2 : Ignored
HKU\S-1-5-21-1791350346-3469428471-2945269328-1015\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4006DCA3-433D-4FC8-AC36-42DA7797DCB7} -> Adware.eZula : Ignored
HKU\S-1-5-21-1791350346-3469428471-2945269328-1015\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4487598C-2EC7-43A2-870E-6D8D720FDD9F} -> Adware.SafeSurfing : Ignored
HKU\S-1-5-21-1791350346-3469428471-2945269328-1015\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{70230839-555C-4862-8D42-BB1E2352502C} -> Adware.SafeSurfing : Ignored
HKU\S-1-5-21-1791350346-3469428471-2945269328-1015\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C2EEB4FA-B6D6-41B9-9CFA-ABA87F862BCB} -> Adware.Generic : Ignored
HKU\S-1-5-21-1791350346-3469428471-2945269328-1015\Software\_rtneg3 -> Adware.Begin2Search : Ignored
HKU\S-1-5-21-1791350346-3469428471-2945269328-1015\Software\_rtneg3\eeennn -> Adware.Begin2Search : Ignored
HKU\S-1-5-21-1791350346-3469428471-2945269328-1015\Software\_rtneg3\kkws -> Adware.Begin2Search : Ignored
HKU\S-1-5-21-1791350346-3469428471-2945269328-1015\Software\_rtneg3\ppops -> Adware.Begin2Search : Ignored
HKU\S-1-5-21-1791350346-3469428471-2945269328-1015\Software\_rtneg3\reel -> Adware.Begin2Search : Ignored
HKU\S-1-5-21-1791350346-3469428471-2945269328-1015\Software\_rtneg3\ssites -> Adware.Begin2Search : Ignored
C:\Documents and Settings\Administrator.CATHERINESROOM.007\Cookies\administrator@advertising[1].txt -> TrackingCookie.Advertising : Ignored
C:\Documents and Settings\Administrator.CATHERINESROOM.007\Cookies\administrator@atdmt[1].txt -> TrackingCookie.Atdmt : Ignored
C:\Documents and Settings\Administrator.CATHERINESROOM.007\Cookies\administrator@casalemedia[1].txt -> TrackingCookie.Casalemedia : Ignored
C:\Documents and Settings\Administrator.CATHERINESROOM.007\Cookies\administrator@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Ignored
C:\Documents and Settings\Administrator.CATHERINESROOM.007\Cookies\administrator@servedby.advertising[2].txt -> TrackingCookie.Advertising : Ignored
C:\Documents and Settings\Administrator.CATHERINESROOM.007\Cookies\administrator@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Ignored
C:\Documents and Settings\Guest\Cookies\guest@abetterinternet[2].txt -> TrackingCookie.Abetterinternet : Ignored
C:\Documents and Settings\Guest\Cookies\guest@atdmt[1].txt -> TrackingCookie.Atdmt : Ignored
C:\Documents and Settings\Guest\Cookies\guest@cliks[2].txt -> TrackingCookie.Cliks : Ignored
C:\Documents and Settings\Kyle 5\Cookies\kyle 5@2o7[1].txt -> TrackingCookie.2o7 : Ignored
C:\Documents and Settings\Kyle 5\Cookies\kyle 5@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Ignored
C:\Documents and Settings\Kyle 5\Cookies\kyle 5@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Ignored
C:\Documents and Settings\Kyle 5\Cookies\kyle 5@adtech[2].txt -> TrackingCookie.Adtech : Ignored
C:\Documents and Settings\Kyle 5\Cookies\kyle 5@advertising[2].txt -> TrackingCookie.Advertising : Ignored
C:\Documents and Settings\Kyle 5\Cookies\kyle 5@as1.falkag[2].txt -> TrackingCookie.Falkag : Ignored
C:\Documents and Settings\Kyle 5\Cookies\kyle 5@atdmt[2].txt -> TrackingCookie.Atdmt : Ignored
C:\Documents and Settings\Kyle 5\Cookies\kyle 5@bluestreak[1].txt -> TrackingCookie.Bluestreak : Ignored
C:\Documents and Settings\Kyle 5\Cookies\kyle 5@casalemedia[2].txt -> TrackingCookie.Casalemedia : Ignored
C:\Documents and Settings\Kyle 5\Cookies\kyle 5@counter9.sextracker[1].txt -> TrackingCookie.Sextracker : Ignored
C:\Documents and Settings\Kyle 5\Cookies\kyle 5@fastclick[2].txt -> TrackingCookie.Fastclick : Ignored
C:\Documents and Settings\Kyle 5\Cookies\kyle 5@sextracker[1].txt -> TrackingCookie.Sextracker : Ignored
C:\Documents and Settings\Kyle 5\Cookies\kyle 5@statcounter[2].txt -> TrackingCookie.Statcounter : Ignored
C:\Documents and Settings\Kyle 5\Cookies\kyle 5@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Ignored
C:\Documents and Settings\Kyle 5\Cookies\kyle 5@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Ignored
C:\Documents and Settings\Kyle 5\Cookies\kyle 5@valueclick[1].txt -> TrackingCookie.Valueclick : Ignored
C:\Documents and Settings\Kyle 5\Cookies\kyle 5@zedo[2].txt -> TrackingCookie.Zedo : Ignored
C:\Documents and Settings\Kyle.CATHERINESROOM\Local Settings\Temp\Cookies\kyle@2o7[1].txt -> TrackingCookie.2o7 : Ignored
C:\Documents and Settings\Kyle.CATHERINESROOM\Local Settings\Temp\Cookies\kyle@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Ignored
C:\Documents and Settings\Kyle.CATHERINESROOM\Local Settings\Temp\Cookies\kyle@casalemedia[2].txt -> TrackingCookie.Casalemedia : Ignored
C:\Documents and Settings\Kyle.CATHERINESROOM\Local Settings\Temp\Cookies\kyle@com[2].txt -> TrackingCookie.Com : Ignored
C:\Documents and Settings\Kyle.CATHERINESROOM\Local Settings\Temp\Cookies\kyle@tacoda[2].txt -> TrackingCookie.Tacoda : Ignored
C:\Documents and Settings\Kyle.CATHERINESROOM\Local Settings\Temp\Cookies\kyle@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Ignored
C:\Documents and Settings\Kyle.CATHERINESROOM\Local Settings\Temp\Cookies\kyle@zedo[2].txt -> TrackingCookie.Zedo : Ignored
C:\Documents and Settings\Liam\Start Menu\NoCreditCard.url -> Adware.UnwantedIcons : Ignored
C:\Documents and Settings\Mo\Cookies\mo@247realmedia[1].txt -> TrackingCookie.247realmedia : Ignored
C:\Documents and Settings\Mo\Cookies\mo@aavalue[2].txt -> TrackingCookie.Aavalue : Ignored
C:\Documents and Settings\Mo\Cookies\mo@as1.falkag[1].txt -> TrackingCookie.Falkag : Ignored
C:\Documents and Settings\Mo\Cookies\mo@casalemedia[2].txt -> TrackingCookie.Casalemedia : Ignored
C:\Documents and Settings\Mo\Cookies\mo@casinotropez[1].txt -> TrackingCookie.Casinotropez : Ignored
C:\Documents and Settings\Mo\Cookies\mo@data3.perf.overture[2].txt -> TrackingCookie.Overture : Ignored
C:\Documents and Settings\Mo\Cookies\mo@eztracks.aavalue[1].txt -> TrackingCookie.Aavalue : Ignored
C:\Documents and Settings\Mo\Cookies\mo@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Ignored
C:\Documents and Settings\Mo\Cookies\mo@perf.overture[1].txt -> TrackingCookie.Overture : Ignored
C:\Documents and Settings\Mo\Cookies\mo@questionmarket[2].txt -> TrackingCookie.Questionmarket : Ignored
C:\Documents and Settings\Mo\Cookies\mo@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Ignored
C:\Documents and Settings\Mo\Cookies\mo@www.casinotropez[2].txt -> TrackingCookie.Casinotropez : Ignored
C:\Documents and Settings\Mo\Local Settings\Temp\delwbi.tmp -> Dialer.Generic : Ignored
C:\Documents and Settings\Rachel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-593ebb39-534913fa.class -> Downloader.OpenStream.y : Ignored
C:\Documents and Settings\Rachel\Cookies\rachel@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Ignored
C:\Documents and Settings\Rachel\Cookies\rachel@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Ignored
C:\Documents and Settings\Rachel\Cookies\rachel@adtech[2].txt -> TrackingCookie.Adtech : Ignored
C:\Documents and Settings\Rachel\Cookies\rachel@advertising[2].txt -> TrackingCookie.Advertising : Ignored
C:\Documents and Settings\Rachel\Cookies\rachel@as1.falkag[2].txt -> TrackingCookie.Falkag : Ignored
C:\Documents and Settings\Rachel\Cookies\rachel@atdmt[1].txt -> TrackingCookie.Atdmt : Ignored
C:\Documents and Settings\Rachel\Cookies\rachel@casalemedia[1].txt -> TrackingCookie.Casalemedia : Ignored
C:\Documents and Settings\Rachel\Cookies\rachel@doubleclick[2].txt -> TrackingCookie.Doubleclick : Ignored
C:\Documents and Settings\Rachel\Cookies\rachel@fastclick[1].txt -> TrackingCookie.Fastclick : Ignored
C:\Documents and Settings\Rachel\Cookies\rachel@ilead.itrack[1].txt -> TrackingCookie.Itrack : Ignored
C:\Documents and Settings\Rachel\Cookies\rachel@media.fastclick[2].txt -> TrackingCookie.Fastclick : Ignored
C:\Documents and Settings\Rachel\Cookies\rachel@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Ignored
C:\Documents and Settings\Rachel\Cookies\rachel@questionmarket[2].txt -> TrackingCookie.Questionmarket : Ignored
C:\Documents and Settings\Rachel\Cookies\rachel@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Ignored
C:\Documents and Settings\Rachel\Cookies\rachel@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Ignored
C:\Documents and Settings\Rachel\Cookies\rachel@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Ignored
C:\HJT\backups\backup-20060428-083256-541.dll -> Trojan.P2E.cl : Ignored
C:\lf_6E8.tmp -> Downloader.Dluca : Ignored
C:\lf_8B4.tmp -> Downloader.Dluca : Ignored
C:\lf_D74.tmp -> Downloader.Dluca : Ignored
C:\lf_F38.tmp -> Downloader.Dluca : Ignored
C:\nj.exe -> Downloader.Small.cpg : Ignored
C:\Program Files\Common Files\WinSoftware\WFF.exe -> Adware.Winfixer : Ignored
C:\Program Files\Microsoft AntiSpyware\Quarantine\CD6564C3-7E31-4ED2-BF75-3AC343\05AF3AA7-BF3E-44D9-BEE9-BD840D -> Trojan.P2E.cl : Ignored
C:\temp\180SAPack.exe -> Downloader.Small.asf : Ignored
C:\WINDOWS\system32\cache32_rtneg2 -> Adware.Begin2Search : Ignored
C:\WINDOWS\system32\cache32_rtneg2\100dsktptr.bin -> Adware.Begin2Search : Ignored
C:\WINDOWS\system32\cache32_rtneg2\msg.bin -> Adware.Begin2Search : Ignored
C:\WINDOWS\system32\drivers\etc\hosts -> Trojan.Qhost.r : Ignored
C:\WINDOWS\system32\drivers\etc\hosts.msn -> Trojan.Qhost.r : Ignored
C:\WINDOWS\system32\drivers\WFF.sys -> Adware.Winfixer : Ignored
C:\WINDOWS\system32\eg_auth_srv_1049.dll -> Trojan.P2E.cl : Ignored
C:\WINDOWS\system32\msclock32.dll -> Adware.NaviPromo : Ignored
C:\WINDOWS\system32\msplock32.dll -> Adware.NaviPromo : Ignored
C:\WINDOWS\system32\mxwecra.exe -> Adware.NaviPromo : Ignored
C:\WINDOWS\system32\sysiasvc32.dll -> Dialer.EGroup.u : Ignored
C:\WINDOWS\system32\syswbsvc32.dll -> Dialer.InstantAccess.e : Ignored
C:\WINDOWS\Temp\Cookies\kyle@statcounter[1].txt -> TrackingCookie.Statcounter : Ignored
C:\WINDOWS\Temp\Cookies\liam@bfast[1].txt -> TrackingCookie.Bfast : Ignored
C:\WINDOWS\Temp\Cookies\mo@abetterinternet[2].txt -> TrackingCookie.Abetterinternet : Ignored
C:\WINDOWS\Temp\Cookies\mo@cliks[2].txt -> TrackingCookie.Cliks : Ignored


::Report End
Senior Member
2. May 2006 @ 07:07
Huh, tongkaiyi, sorry to say but nothing was cleaned.

You should do a scan with Ewido again. When the window "infected object found" appears, choose REMOVE under perform action and tick "perform action with all infections".

Save the report and post it here.

Oh, so there are no spammers like that after all -> tapiiri

http://www.virustorjunta.net/index.php
tongkaiyi
Newbie
2. May 2006 @ 07:59
Haha, okay ~ thanks, I'll post the report up later XD
UO777
Newbie
2. May 2006 @ 08:50
Hey -kemisti-, thank you very much for the help, u rock :)

No kidding dude!! , im trying to be a Sound and Music Engineer :)
-kemisti-
AfterDawn Addict
2. May 2006 @ 09:28
@UO777: You're welcome :)
UO777
Newbie
2. May 2006 @ 09:35
Hey, I also want to know something: how do you guys know how to fix these problems?? And is there any way I can protect myself from more threats?

No kidding dude!! , im trying to be a Sound and Music Engineer :)
tongkaiyi
Newbie
2. May 2006 @ 09:54
Simple answer, UO777: they're geniuses :D

Anyways, tapiiri, here's my correctly done log ;)

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 18:52:33, 02/05/2006
+ Report-Checksum: F8C25404

+ Scan result:

C:\Documents and Settings\Kyle 5\Cookies\kyle 5@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Kyle 5\Cookies\kyle 5@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Kyle 5\Cookies\kyle 5@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Kyle 5\Cookies\kyle 5@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup
C:\Documents and Settings\Kyle 5\Cookies\kyle 5@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Kyle 5\Cookies\kyle 5@as1.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Kyle 5\Cookies\kyle 5@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Kyle 5\Cookies\kyle 5@banner.clubdicecasino[2].txt -> TrackingCookie.Clubdicecasino : Cleaned with backup
C:\Documents and Settings\Kyle 5\Cookies\kyle 5@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Kyle 5\Cookies\kyle 5@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Kyle 5\Cookies\kyle 5@casinotropez[1].txt -> TrackingCookie.Casinotropez : Cleaned with backup
C:\Documents and Settings\Kyle 5\Cookies\kyle 5@clubdicecasino[1].txt -> TrackingCookie.Clubdicecasino : Cleaned with backup
C:\Documents and Settings\Kyle 5\Cookies\kyle 5@counter9.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Kyle 5\Cookies\kyle 5@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Kyle 5\Cookies\kyle 5@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Kyle 5\Cookies\kyle 5@ilead.itrack[1].txt -> TrackingCookie.Itrack : Cleaned with backup
C:\Documents and Settings\Kyle 5\Cookies\kyle 5@sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Kyle 5\Cookies\kyle 5@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Kyle 5\Cookies\kyle 5@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Kyle 5\Cookies\kyle 5@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Kyle 5\Cookies\kyle 5@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Kyle 5\Cookies\kyle 5@www.casinotropez[2].txt -> TrackingCookie.Casinotropez : Cleaned with backup
C:\Documents and Settings\Kyle 5\Cookies\kyle 5@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Kyle.CATHERINESROOM\Local Settings\Temp\Cookies\kyle@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Kyle.CATHERINESROOM\Local Settings\Temp\Cookies\kyle@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Kyle.CATHERINESROOM\Local Settings\Temp\Cookies\kyle@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Kyle.CATHERINESROOM\Local Settings\Temp\Cookies\kyle@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Kyle.CATHERINESROOM\Local Settings\Temp\Cookies\kyle@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Kyle.CATHERINESROOM\Local Settings\Temp\Cookies\kyle@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Kyle.CATHERINESROOM\Local Settings\Temp\Cookies\kyle@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Liam\Start Menu\NoCreditCard.url -> Adware.UnwantedIcons : Cleaned with backup
C:\Documents and Settings\Mo\Cookies\mo@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned with backup
C:\Documents and Settings\Mo\Cookies\mo@aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned with backup
C:\Documents and Settings\Mo\Cookies\mo@as1.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Mo\Cookies\mo@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Mo\Cookies\mo@casinotropez[1].txt -> TrackingCookie.Casinotropez : Cleaned with backup
C:\Documents and Settings\Mo\Cookies\mo@data3.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Mo\Cookies\mo@eztracks.aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned with backup
C:\Documents and Settings\Mo\Cookies\mo@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Mo\Cookies\mo@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Mo\Cookies\mo@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Mo\Cookies\mo@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Mo\Cookies\mo@www.casinotropez[2].txt -> TrackingCookie.Casinotropez : Cleaned with backup
C:\Documents and Settings\Mo\Local Settings\Temp\delwbi.tmp -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Rachel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-593ebb39-534913fa.class -> Downloader.OpenStream.y : Cleaned with backup
C:\Documents and Settings\Rachel\Cookies\rachel@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Rachel\Cookies\rachel@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Rachel\Cookies\rachel@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup
C:\Documents and Settings\Rachel\Cookies\rachel@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Rachel\Cookies\rachel@as1.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Rachel\Cookies\rachel@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Rachel\Cookies\rachel@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Rachel\Cookies\rachel@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Rachel\Cookies\rachel@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Rachel\Cookies\rachel@ilead.itrack[1].txt -> TrackingCookie.Itrack : Cleaned with backup
C:\Documents and Settings\Rachel\Cookies\rachel@media.fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Rachel\Cookies\rachel@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Rachel\Cookies\rachel@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Rachel\Cookies\rachel@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Rachel\Cookies\rachel@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Rachel\Cookies\rachel@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Cleaned with backup
C:\HJT\backups\backup-20060428-083256-541.dll -> Trojan.P2E.cl : Cleaned with backup
C:\lf_6E8.tmp -> Downloader.Dluca : Cleaned with backup
C:\lf_8B4.tmp -> Downloader.Dluca : Cleaned with backup
C:\lf_D74.tmp -> Downloader.Dluca : Cleaned with backup
C:\lf_F38.tmp -> Downloader.Dluca : Cleaned with backup
C:\nj.exe -> Downloader.Small.cpg : Cleaned with backup
C:\Program Files\Common Files\WinSoftware\WFF.exe -> Adware.Winfixer : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\CD6564C3-7E31-4ED2-BF75-3AC343\05AF3AA7-BF3E-44D9-BEE9-BD840D -> Trojan.P2E.cl : Cleaned with backup
C:\temp\180SAPack.exe -> Downloader.Small.asf : Cleaned with backup
C:\WINDOWS\system32\cache32_rtneg2 -> Adware.Begin2Search : Cleaned with backup
C:\WINDOWS\system32\cache32_rtneg2\100dsktptr.bin -> Adware.Begin2Search : Cleaned with backup
C:\WINDOWS\system32\cache32_rtneg2\msg.bin -> Adware.Begin2Search : Cleaned with backup
C:\WINDOWS\system32\drivers\etc\hosts -> Trojan.Qhost.r : Cleaned with backup
C:\WINDOWS\system32\drivers\etc\hosts.msn -> Trojan.Qhost.r : Cleaned with backup
C:\WINDOWS\system32\drivers\WFF.sys -> Adware.Winfixer : Cleaned with backup
C:\WINDOWS\system32\eg_auth_srv_1049.dll -> Trojan.P2E.cl : Cleaned with backup
C:\WINDOWS\system32\msplock32.dll -> Adware.NaviPromo : Cleaned with backup
C:\WINDOWS\system32\mxwecra.exe -> Adware.NaviPromo : Cleaned with backup
C:\WINDOWS\system32\sysiasvc32.dll -> Dialer.EGroup.u : Cleaned with backup
C:\WINDOWS\system32\syswbsvc32.dll -> Dialer.InstantAccess.e : Cleaned with backup
C:\WINDOWS\Temp\Cookies\kyle@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\WINDOWS\Temp\Cookies\liam@bfast[1].txt -> TrackingCookie.Bfast : Cleaned with backup
C:\WINDOWS\Temp\Cookies\mo@abetterinternet[2].txt -> TrackingCookie.Abetterinternet : Cleaned with backup
C:\WINDOWS\Temp\Cookies\mo@cliks[2].txt -> TrackingCookie.Cliks : Cleaned with backup


::Report End
Senior Member
2. May 2006 @ 10:23
Yes, now it looks fine :)

Try it and see if it helps now.



Oh, so there are no spammers like that after all -> tapiiri

http://www.virustorjunta.net/index.php
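
The reading tapiiri gives of the two reports (every line "Ignored" in the first, "Cleaned with backup" in the second) can be checked mechanically. The following is an added example, not part of the original thread or of any Ewido tooling: it parses the `object -> detection : action` lines and tracks each object from the first scan into the second, using a few lines excerpted from the reports above; the function names are hypothetical.

```python
import re
from collections import Counter
from typing import NamedTuple

# Lines excerpted from the two Ewido reports posted in this thread.
FIRST_SCAN = r"""
+ Scan result:

HKLM\SOFTWARE\Classes\BHO.Adware -> Adware.Ezula : Ignored
C:\Documents and Settings\Mo\Cookies\mo@casalemedia[2].txt -> TrackingCookie.Casalemedia : Ignored
C:\WINDOWS\system32\drivers\etc\hosts -> Trojan.Qhost.r : Ignored
C:\WINDOWS\system32\msclock32.dll -> Adware.NaviPromo : Ignored
C:\WINDOWS\system32\msplock32.dll -> Adware.NaviPromo : Ignored
C:\nj.exe -> Downloader.Small.cpg : Ignored

::Report End
"""
SECOND_SCAN = r"""
+ Scan result:

C:\Documents and Settings\Mo\Cookies\mo@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\WINDOWS\system32\drivers\etc\hosts -> Trojan.Qhost.r : Cleaned with backup
C:\WINDOWS\system32\msplock32.dll -> Adware.NaviPromo : Cleaned with backup
C:\nj.exe -> Downloader.Small.cpg : Cleaned with backup

::Report End
"""

# One result line: <file or registry key> -> <detection name> : <action taken>
LINE = re.compile(r"^(?P<obj>.+?) -> (?P<detection>\S+) : (?P<action>.+)$")


class Finding(NamedTuple):
    obj: str        # file path or registry key
    detection: str  # e.g. Trojan.Qhost.r
    action: str     # e.g. Ignored, Cleaned with backup

    @property
    def family(self):
        # First dotted component: Adware, Trojan, TrackingCookie, ...
        return self.detection.split(".", 1)[0]


def parse_report(text):
    """Return the Findings in a report; header and footer lines are skipped."""
    findings = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            findings.append(Finding(m["obj"], m["detection"], m["action"].strip()))
    return findings


def unremediated(findings):
    """Findings the scanner detected but took no action on."""
    return [f for f in findings if f.action.lower() == "ignored"]


def by_family(findings):
    """Count findings per detection family."""
    return Counter(f.family for f in findings)


def compare(first, second):
    """Track every ignored object from the first scan into the second scan."""
    later = {f.obj.lower(): f for f in second}  # Windows paths are case-insensitive
    result = {"cleaned": [], "still_ignored": [], "absent": []}
    for f in unremediated(first):
        hit = later.get(f.obj.lower())
        if hit is None:
            result["absent"].append(f.obj)  # not re-detected: confirm why by hand
        elif hit.action.lower() == "ignored":
            result["still_ignored"].append(f.obj)
        else:
            result["cleaned"].append(f.obj)
    return result


if __name__ == "__main__":
    first, second = parse_report(FIRST_SCAN), parse_report(SECOND_SCAN)
    print("ignored in first scan:", len(unremediated(first)), dict(by_family(first)))
    for status, objs in compare(first, second).items():
        print(status, objs)
```

In the posted reports, `C:\WINDOWS\system32\msclock32.dll` and the registry entries appear only in the first scan, so they land in `absent`; the second report alone does not say what happened to them.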
tongkaiyi
Newbie
2. May 2006 @ 10:32
Indeed, my game is running just as it did before. Thanks again, tapiiri :D
Senior Member
2. May 2006 @ 10:47
You're welcome

Oh, so there are no spammers like that after all -> tapiiri

http://www.virustorjunta.net/index.php
UO777
Newbie
2. May 2006 @ 10:58
Whooaaa! Thanks a lot for the help guys, I appreciate it

No kidding dude!! , im trying to be a Sound and Music Engineer :)