afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > w32.myzor.fk@yf
W32.Myzor.FK@yf
Newbie
10. June 2006 @ 00:51
Have tried SmitFraudFix in Safe Mode and ewido but to no effect. Still with unwanted popups and alerts. Attached are latest log files. Hope you can help.
Halfback.
Logfile of HijackThis v1.99.1
Scan saved at 09:22:59, on 10/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\WINDOWS\system32\atmclk.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\system32\PspContr.Exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\program files\common files\system\mplay64.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\VCOM\PowerDesk\pddlghlp.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\David Barret.DAVID-B9T5Z74OE.000\Desktop\HijackThis_v1.99.1.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp100.tmp (file missing)
O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp100.tmp (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - E:\System\mnyviewer.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [hcwPVRReset] C:\PROGRA~1\WINTV\hcwP1Utl.exe -Quiet -ResetHardware -NotifyResetFailure -KeepTrying
O4 - HKLM\..\Run: [PspContr] PspContr.Exe
O4 - HKLM\..\Run: [PspUsbCf] PspUsbCf.exe
O4 - HKLM\..\Run: [DataCaching] C:\PROGRA~1\DATACA~1\FLashKsk.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [WinCast] F:\SETUP.EXE -leng
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [MPlay64] c:\program files\common files\system\mplay64.exe /noerrorinfo
O4 - HKLM\..\Run: [Msdmxm] c:\windows\system32\msdmxm.exe /nocomm
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ms1src] c:\program files\common files\system\ms1src.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DriveCleaner 2006] "C:\Program Files\DriveCleaner 2006\DC2006.exe" /min
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\system32\mstask.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Dialog Helper.lnk = C:\Program Files\VCOM\PowerDesk\pddlghlp.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WINTV\Ir.exe
O4 - Global Startup: MiniMavis.lnk = E:\Data\MavisBeaconTyping\MiniMavis.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?64eefd9036c3476996fe9076eac07e9d
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?64eefd9036c3476996fe9076eac07e9d
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - E:\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions...
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://G:\SuperCD\IntraLaunch.CAB
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\WINDOWS\system32\textwareilluminatorbaseProtocol.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 18:11:50, 08/06/2006
+ Report-Checksum: 692C25EB
+ Scan result:
:mozilla.14:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.20:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup
:mozilla.33:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.35:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.37:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.44:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.45:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.53:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Paycounter : Cleaned with backup
:mozilla.81:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.102:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.105:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.152:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.164:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.168:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.185:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.187:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.193:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.196:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.211:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.219:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.224:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.227:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.231:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.232:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.233:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.242:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.249:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Ivwbox : Cleaned with backup
:mozilla.261:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.262:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.268:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.271:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.277:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Hypertracker : Cleaned with backup
:mozilla.293:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.318:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup
:mozilla.341:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.349:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.357:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.363:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.377:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.380:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.388:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.444:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\David Barret.DAVID-B9T5Z74OE.000\Cookies\david barret@clickbank[1].txt -> TrackingCookie.Clickbank : Cleaned with backup
C:\Program Files\NoAdware4\noadwareutils.dll -> Adware.WebRebates : Cleaned with backup
::Report End
halfback
Senior Member
10. June 2006 @ 02:45
Hi dbarre14,
Download WinPFind:
http://www.bleepingcomputer.com/files/winpfind.php
From the WinPFind folder, double-click WinPFind.exe and click "Start Scan".
It will scan the entire System, so please be patient
Once you see "Scan Complete", a log (WinPFind.txt) will be automatically generated in the WinPFind folder.
Open the SmitfraudFix-folder and doubleclick smitfraudfix.cmd
Hit 1 on your keyboard, and then Enter.
Copy the complete text which is on your screen after SmitfraudFix is done, and post it in this topic. Also post the contents of WinPFind.txt.
Newbie
14. June 2006 @ 11:46
Could not get WinPFind to run, but here is the log from SmitFraudFix. I did run SmitFraudFix after posting to this thread with much more success. I have only one or two unwanted popups now. Of course I would like to get rid of these. Thanks for your help so far. Halfback.
SmitFraudFix v2.56
Scan done at 20:38:15.35, 14/06/2006
Run from E:\My Documents\CleanUp\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
halfback
Newbie
14. June 2006 @ 21:23
Have tried WinPFind again. Launches with the error message 'file path not found'. Click OK, then select all, then start scan. Error: Access Violation in module 'winpfind.exe'. Clicking OK seems to set the scanner going, but no disk light flashing and NO output after 60+ mins. Can you help with this? Would a scan with HijackThis be any good? That seems to work OK. Thanks.
Halfback.
halfback
Senior Member
15. June 2006 @ 03:36
First make a folder of its own for HijackThis and put it there, for example C:\Hjt.
Open HijackThis, do a system scan only and check these:
O4 - HKLM\..\Run: [MPlay64] c:\program files\common files\system\mplay64.exe /noerrorinfo
O4 - HKLM\..\Run: [Msdmxm] c:\windows\system32\msdmxm.exe /nocomm
O4 - HKLM\..\Run: [ms1src] c:\program files\common files\system\ms1src.exe /install
Close all open windows and click Fix checked.
Reconfigure Windows XP to show hidden files:
Click Start. Open My Computer.
Select the Tools menu and click Folder Options. Select the View Tab.
Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.
Click Yes to confirm. Click OK.
Then go to safe mode and delete these files or folders (if found):
http://www.pchell.com/support/safemode.shtml
c:\program files\common files\->system
c:\windows\system32\->msdmxm.exe
Then boot back to normal mode and post a new HijackThis log.
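Confirming a cleanup the way the helper does in this thread means comparing the 10/06 log with the 16/06 log line by line and checking that the entries told to fix are really gone and that nothing new has appeared. The Python script below is an added example, not something posted in this thread and not part of HijackThis; it parses HijackThis entry lines, diffs two logs per section, and lists entries marked "(file missing)" or BHOs with no name as leads for manual review. The embedded BEFORE and AFTER texts are short excerpts copied from the two logs posted above; function names (parse_log, diff_logs, orphaned_entries) are this example's own.

```python
"""Diff two HijackThis logs to confirm which autostart entries and running
processes disappeared after a cleanup, and list '(file missing)' leads."""
import re
from collections import defaultdict

# Excerpts copied from the two logs posted above (scans of 10/06 and 16/06),
# cut down to a few lines so the script runs offline. The full logs are just
# longer inputs to the same functions.
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\WINDOWS\system32\atmclk.exe
C:\program files\common files\system\mplay64.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp100.tmp (file missing)
O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp100.tmp (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - E:\System\mnyviewer.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MPlay64] c:\program files\common files\system\mplay64.exe /noerrorinfo
O4 - HKLM\..\Run: [Msdmxm] c:\windows\system32\msdmxm.exe /nocomm
O4 - HKLM\..\Run: [ms1src] c:\program files\common files\system\ms1src.exe /install
O4 - HKLM\..\Run: [DriveCleaner 2006] "C:\Program Files\DriveCleaner 2006\DC2006.exe" /min
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
"""

AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\wuauclt.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - E:\System\mnyviewer.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
"""

# Numbered HijackThis entry: "R0 - ...", "F2 - ...", "O4 - ...", "O23 - ..."
ENTRY_RE = re.compile(r"^(R\d|F\d|O\d{1,2})\s+-\s+")
# A line in the "Running processes" block is just a drive-letter path.
PATH_RE = re.compile(r"^[A-Za-z]:\\")


def normalize(line):
    """Case-fold and collapse whitespace: HijackThis writes the same directory
    as System32 and system32, and that must not show up as a difference."""
    return re.sub(r"\s+", " ", line).strip().lower()


def parse_log(text):
    """Return {section: set(normalized lines)}. Numbered entries are keyed by
    their prefix (O2, O4, ...); the process list is keyed as 'PROC'."""
    entries = defaultdict(set)
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False  # first numbered entry ends the process block
            entries[m.group(1).upper()].add(normalize(line))
        elif in_procs and PATH_RE.match(line):
            entries["PROC"].add(normalize(line))
    return entries


def diff_logs(before_text, after_text):
    """Return (removed, added): per-section sorted lists of entries present
    only in the earlier log, and only in the later log."""
    before, after = parse_log(before_text), parse_log(after_text)
    removed, added = {}, {}
    for section in sorted(set(before) | set(after)):
        old, new = before.get(section, set()), after.get(section, set())
        if old - new:
            removed[section] = sorted(old - new)
        if new - old:
            added[section] = sorted(new - old)
    return removed, added


def orphaned_entries(text):
    """Entries flagged '(file missing)' plus O2 BHOs with no name. These are
    leads to inspect by hand, not verdicts."""
    hits = []
    for section, lines in parse_log(text).items():
        for line in lines:
            unnamed_bho = section == "O2" and re.search(r"bho: (nothing|\(no name\)) -", line)
            if "(file missing)" in line or unnamed_bho:
                hits.append(line)
    return sorted(hits)


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for title, table in (("Gone since first scan", removed), ("New since first scan", added)):
        print(f"== {title} ==")
        for section, lines in table.items():
            for line in lines:
                print(f"  [{section}] {line}")
    print("== Leads in the first log ==")
    for line in orphaned_entries(BEFORE):
        print("  " + line)
```

On the excerpts, the diff shows the three O4 entries the helper asked to fix, the DriveCleaner 2006 Run entry and the two hp100.tmp BHOs in the removed set, dcomcfg.exe, atmclk.exe and mplay64.exe gone from the process list, and only wuauclt.exe (Windows Update) new. The leads list is deliberately noisy: the Brother service line carries "(file missing)" in both logs because of a stray quote in its path, and the Money viewer BHO has no display name but is present in both scans, so a lead that survives unchanged into the clean log is something to verify on disk rather than delete on sight.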
Newbie
16. June 2006 @ 01:29
Here is the HijackThis log.
Logfile of HijackThis v1.99.1
Scan saved at 10:25:25, on 16/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\system32\PspContr.Exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\David Barret.DAVID-B9T5Z74OE.000\Desktop\HijackThis_v1.99.1.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - E:\System\mnyviewer.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [hcwPVRReset] C:\PROGRA~1\WINTV\hcwP1Utl.exe -Quiet -ResetHardware -NotifyResetFailure -KeepTrying
O4 - HKLM\..\Run: [PspContr] PspContr.Exe
O4 - HKLM\..\Run: [PspUsbCf] PspUsbCf.exe
O4 - HKLM\..\Run: [DataCaching] C:\PROGRA~1\DATACA~1\FLashKsk.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [WinCast] F:\SETUP.EXE -leng
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\system32\mstask.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WINTV\Ir.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?64eefd9036c3476996fe9076eac07e9d
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?64eefd9036c3476996fe9076eac07e9d
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions...
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://G:\SuperCD\IntraLaunch.CAB
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\WINDOWS\system32\textwareilluminatorbaseProtocol.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe
Hope this gives you the information you need. Thanks again.
Halfback.
halfback
Senior Member
16. June 2006 @ 07:57
Log looks clean. Do you still have problems?
Newbie
16. June 2006 @ 08:13
Not today. So far everything seems ok. Let's hope it stays that way. Many thanks for your help.
Halfback.
halfback