help removing spyfalcon (now with NEW logfiles)
matt24_02
Junior Member
6. May 2006 @ 14:26
i dunno what happened with my computer today but all of a sudden i was pounded with adware and spyware earlier today. ive been running scans all day with all sorts of programs. and i still cant get rid of this program called spyfalcon. which is a rogue antispyware. which was installed on my computer by some trojan.popuper. im completely out of ideas on what to do. so hopefully somebody can help me out with my problem cause im going insane trying to get rid of this. ive tried system restore but it wont let me restore to any day that has a restore point.
smaan
Junior Member
6. May 2006 @ 14:41
ironic, i had the same problem today. i uninstalled spyfalcon, then i installed a software called Prevx1. when you install it, it should automatically do a scan. it takes a while. after the scan is complete, shut down Prevx1 and uninstall it. i suggest this because, if you keep it on, it will always tell you that you have an infection, and have to run a scan. this scan takes much longer than it would take with ad aware, so i suggest that, after you remove this Prevx1, run an ad aware scan. ad aware, however does not remove spyfalcon

download link for Prevx1

http://free.prevx.com/

and by the way, Prevx1 is a free trial

good luck

smaan
ddp
Moderator
6. May 2006 @ 14:52
matt24_02
Junior Member
6. May 2006 @ 15:39
ran all those items in that order. and theres still an icon in my task bar blinking saying that i have a virus. this is the thing thats spyfalcon. and its still there. i dont know what else to do here guys. anything else?

forgot to mention that spyfalcon does not appear under add/remove programs.

This message has been edited since posting. Last time this message was edited on 6. May 2006 @ 15:40

yompie
Newbie
6. May 2006 @ 15:55
you can get rid of Spyfalcon.
The program to use is Xoftspy.
matt24_02
Junior Member
6. May 2006 @ 16:00
tried that program too. and it was still there. but i remembered one of the scans i ran showed a file that was infected. so i just went into safe mode and deleted it. rebooted and now its gone. or at least theres nothing on the taskbar anymore telling me that my system is infected. so im gunna run a virus scan and see if im all clean.
ddp
Moderator
6. May 2006 @ 19:25
do you know how to use regedit?
Senior Member
6. May 2006 @ 20:18
@matt24_02

Your smitfraud infection is probably not completely gone... In order to remove it completely, it usually requires its own fix.

Please post a HijackThis log to here, instructions -> http://forums.afterdawn.com/thread_view.cfm/263784
(steps 3-5)

Then download SmitfraudFix.zip to your desktop -> http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Unzip it (folder named SmitFraudFix) to your desktop:

Open the folder SmitfraudFix and doubleclick smitfraudfix.cmd
Choose option #1 - Search by typing 1 and pressing "Enter"; a textfile opens and lists the infected files (if those exist)

Post the contents of this textfile to here.

(Some antivirus programs recognise process.exe as malware. It is not malware; it is a program that stops processes.)

So post a HijackThis log and a Smitfraudfix log to here and we can see if you are clean.

I have moved from AD, I won't be taking new HijackThis logs from here. Reason: The AD's Unsupportive atmosphere.

This message has been edited since posting. Last time this message was edited on 6. May 2006 @ 20:18

matt24_02
Junior Member
7. May 2006 @ 07:39
Logfile of HijackThis v1.99.1
Scan saved at 11:37:20 AM, on 5/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\HP\KBD\KBD.EXE
C:\setup programs\utorrent.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\D-Link\AirPlus G Wireless Adapter Utility\AirPlus.exe
C:\Program Files\Netscape\Netscape Browser\netscape.exe
C:\HJT\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [”Torrent] "C:\setup programs\utorrent.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Dbad] "C:\PROGRA~1\PPATCH~1\arpa.exe" -vt yazr
O4 - HKCU\..\Run: [Wtxyrrl] C:\Documents and Settings\Gill\My Documents\??sks\d?xplore.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: D-Link AirPlus G Wireless Utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{367C827C-4197-4868-A95B-BA6933F02F7D}: NameServer = 65.114.88.19,65.114.88.18
O17 - HKLM\System\CCS\Services\Tcpip\..\{A6A8A302-51A9-4A21-9DD1-7FFB303ABEB7}: NameServer = 65.114.88.19,65.114.88.18
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
matt24_02
Junior Member
7. May 2006 @ 07:47
SmitFraudFix v2.40

Scan done at 11:41:19.46, Sun 05/07/2006
Run from C:\Documents and Settings\Gill\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\hp????.tmp FOUND !
C:\WINDOWS\system32\1024\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Gill\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Gill\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{35a88e51-b53d-43e9-b8a7-75d4c31b4676}"="Register LogWare"

[HKEY_CLASSES_ROOT\CLSID\{35a88e51-b53d-43e9-b8a7-75d4c31b4676}\InProcServer32]
@="C:\WINDOWS\system32\reglogs.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{35a88e51-b53d-43e9-b8a7-75d4c31b4676}\InProcServer32]
@="C:\WINDOWS\system32\reglogs.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
hiphophd
Newbie
7. May 2006 @ 08:29
i had this couple of weeks ago. found the answer on google (although a lot of googles results didnt work).

this might be the one i cant remember (worth a shot):

http://www.spywareremove.com/removeSpy_Falcon.html
Senior Member
7. May 2006 @ 09:17
Hi again matt24_02.

You don't have a firewall on your computer. Download and install one firewall.

These are good (free) firewalls:
ZoneAlarm --> http://www.zonelabs.com
Kerio--> http://www.sunbelt-software.com/Kerio.cfm
Outpost-> http://www.agnitum.com

Ok, you have that smitfraud and some other infections too....

Cleaning instructions:

Download and install Ewido, UPDATE it, but do NOT run a scan yet. -> http://www.ewido.net/en/download
We'll use it later.

Fix the following entries with HijackThis (run HijackThis, press "Do a system scan only", close all other windows, checkmark entries and press Fix checked):

R3 - Default URLSearchHook is missing
O4 - HKCU\..\Run: [Dbad] "C:\PROGRA~1\PPATCH~1\arpa.exe" -vt yazr
O4 - HKCU\..\Run: [Wtxyrrl] C:\Documents and Settings\Gill\My Documents\??sks\d?xplore.exe

Make your hidden files visible -> http://www.bleepingcomputer.com/tutorials/tutorial62.html

Restart your computer to the safemode and choose your normal user account -> http://www.pchell.com/support/safemode.shtml

Delete these folders (if found):
C:\PROGRAM FILES\PPATCH~1
C:\Documents and Settings\Gill\My Documents\??sks (these -> ?? are some random letters)

When in safemode, open SmitfraudFix folder and doubleclick the file smitfraudfix.cmd
Choose option #2 - Clean by typing 2 and pressing "Enter" in order to remove the infected files.

You are asked: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove your desktop wallpaper and the infected registry keys.

The tool checks if wininet.dll file is infected. You might be asked to replace the infected .dll (if found); answer "Yes" by typing Y and press "Enter".

The tool might have to restart your computer; if it won't do it, restart your computer back to normal mode.
A textfile will appear after the cleaning process, copy this file and paste it to here.
The log is saved to your local diskdrive, usually C:\rapport.txt.

Warning : Running option 2 in a clean computer will delete your desktop wallpaper.

Scan and clean your computer with Ewido and save the log file.

Make your hidden files invisible again.

Post the following logs to here:
-> Ewido's log
-> a new HijackThis log
-> contents of C:\rapport.txt


I have moved from AD, I won't be taking new HijackThis logs from here. Reason: The AD's Unsupportive atmosphere.

This message has been edited since posting. Last time this message was edited on 7. May 2006 @ 09:17
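
An added example, not part of the original thread: a small Python check that the entries selected for fixing in the post above no longer appear in the follow-up HijackThis log. The function names are made up for this illustration; the sample lines are excerpts of the two logs posted in this thread.

```python
import re

# HijackThis prefixes every finding with a section code (R0-R3, F0-F3, N1-N4, O1-O23).
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# O4 registry autostarts look like: HKCU\..\Run: [ValueName] command line
RUN_RE = re.compile(r"^(HK(?:LM|CU))\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")

# Excerpt of the first log in this thread (before cleaning).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R3 - Default URLSearchHook is missing
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Dbad] "C:\PROGRA~1\PPATCH~1\arpa.exe" -vt yazr
O4 - HKCU\..\Run: [Wtxyrrl] C:\Documents and Settings\Gill\My Documents\??sks\d?xplore.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
"""

# Excerpt of the follow-up log in this thread (after cleaning).
AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
"""

# The three entries the helper asked to fix, copied from the post above.
FIX_LIST = r"""
R3 - Default URLSearchHook is missing
O4 - HKCU\..\Run: [Dbad] "C:\PROGRA~1\PPATCH~1\arpa.exe" -vt yazr
O4 - HKCU\..\Run: [Wtxyrrl] C:\Documents and Settings\Gill\My Documents\??sks\d?xplore.exe
"""


def parse_entries(log_text):
    """Return (code, detail) tuples; header and process lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        line = " ".join(raw.split())  # trim and collapse copy/paste whitespace
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def run_values(entries):
    """Split O4 registry autostart entries into hive, key, value name, command."""
    values = []
    for code, detail in entries:
        match = RUN_RE.match(detail) if code == "O4" else None
        if match:
            hive, key, name, command = match.groups()
            values.append({"hive": hive, "key": key, "name": name, "command": command})
    return values


def check_cleanup(before_log, after_log, fix_list):
    """Compare two logs and report the fate of each entry selected for fixing."""
    before = set(parse_entries(before_log))
    after = set(parse_entries(after_log))
    report = {"removed": [], "still_present": [], "not_in_first_log": []}
    for entry in parse_entries(fix_list):
        if entry in after:
            report["still_present"].append(entry)     # fix did not stick
        elif entry in before:
            report["removed"].append(entry)           # gone after cleaning
        else:
            report["not_in_first_log"].append(entry)  # typo or wrong log
    # Anything that appeared between the two scans deserves a second look.
    report["new_since_first_log"] = sorted(after - before)
    return report


if __name__ == "__main__":
    for status, items in check_cleanup(BEFORE, AFTER, FIX_LIST).items():
        print(status)
        for code, detail in items:
            print("   ", code, "-", detail)
```

An entry listed under `still_present` after a reboot usually means something recreated it, so the cleaning steps need to be repeated or extended before the machine is treated as clean.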

matt24_02
Junior Member
7. May 2006 @ 10:06
SmitFraudFix v2.40

Scan done at 13:54:41.14, Sun 05/07/2006
Run from C:\Documents and Settings\Gill\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\hp????.tmp Deleted
C:\WINDOWS\system32\1024\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» End
matt24_02
Junior Member
7. May 2006 @ 10:18
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 2:16:12 PM, 5/7/2006
+ Report-Checksum: 55B58CA0

+ Scan result:

:mozilla.21:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.134:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned with backup
:mozilla.147:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Spylog : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.149:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.154:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.155:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.158:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.159:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.160:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.170:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.171:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.172:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.173:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.174:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.175:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.214:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.215:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.226:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.227:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.228:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.229:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.261:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.262:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
:mozilla.289:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.290:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.291:C:\Documents and Settings\Gill\Application Data\Netscape\NSB\Profiles\szfrvm7n.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Gill\Cookies\gill@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Gill\Cookies\gill@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Gill\Cookies\gill@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Gill\Cookies\gill@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Gill\Cookies\gill@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Gill\Cookies\gill@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Gill\Cookies\gill@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Gill\Cookies\gill@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Gill\Cookies\gill@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Gill\Cookies\gill@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Gill\Cookies\gill@z1.adserver[2].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\WINDOWS\mtuninst.exe -> Adware.MediaTickets : Cleaned with backup


::Report End
matt24_02
Junior Member
7. May 2006 @ 10:21
Logfile of HijackThis v1.99.1
Scan saved at 2:18:08 PM, on 5/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\HP\KBD\KBD.EXE
C:\setup programs\utorrent.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\D-Link\AirPlus G Wireless Adapter Utility\AirPlus.exe
C:\Program Files\Netscape\Netscape Browser\netscape.exe
C:\HJT\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [µTorrent] "C:\setup programs\utorrent.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: D-Link AirPlus G Wireless Utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{367C827C-4197-4868-A95B-BA6933F02F7D}: NameServer = 65.114.88.19,65.114.88.18
O17 - HKLM\System\CCS\Services\Tcpip\..\{A6A8A302-51A9-4A21-9DD1-7FFB303ABEB7}: NameServer = 65.114.88.19,65.114.88.18
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
Senior Member
7. May 2006 @ 10:33
Hi matt24_02, you're clean now :)

But install a firewall...

I have moved from AD, I won't be taking new HijackThis logs from here. Reason: The AD's Unsupportive atmosphere.
HKS069
Newbie
12. May 2006 @ 23:28
same problem spyfalcon...here is my smitfraudfix logfile...

SmitFraudFix v2.43

Scan done at 9:24:56.04, Sat 05/13/2006
Run from C:\Documents and Settings\George Mallia\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\country.exe FOUND !
C:\WINDOWS\toolbar.exe FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\appmagr.dll FOUND !
C:\WINDOWS\system32\ld????.tmp FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\regperf.exe FOUND !
C:\WINDOWS\system32\simpole.tlb FOUND !
C:\WINDOWS\system32\stdole3.tlb FOUND !
C:\WINDOWS\system32\ts.ico FOUND !
C:\WINDOWS\system32\1024\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\George Mallia\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\GEORGE~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{64ba30a2-811a-4597-b0af-d551128be340}"="AppManager"

[HKEY_CLASSES_ROOT\CLSID\{64ba30a2-811a-4597-b0af-d551128be340}\InProcServer32]
@="C:\WINDOWS\system32\appmagr.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{64ba30a2-811a-4597-b0af-d551128be340}\InProcServer32]
@="C:\WINDOWS\system32\appmagr.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
Senior Member
13. May 2006 @ 03:31
Hi HKS069.

I posted an answer to you in here -> http://forums.afterdawn.com/thread_view.cfm/340510

I have moved from AD, I won't be taking new HijackThis logs from here. Reason: The AD's Unsupportive atmosphere.