hey guys please help me with this syssecuritysystem.com problem
meong
Suspended due to non-functional email address
8. July 2006 @ 02:14
I've tried Ad-Aware SE, McAfee anti-spyware, etc. but found this one program called "HijackThis" that can solve the problem... thanks!
Logfile of HijackThis v1.99.1
Scan saved at 6:03:26 PM, on 7/8/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\progra~1\mcafee\mcafee antispyware\massrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\dcomcfg.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\progra~1\mcafee\MCAFEE~1\masalert.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\System32\atmclk.exe
C:\Documents and Settings\meong\Desktop\mozilla downloads\hijackthis1991.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=192.168.0.1:1080;gopher=192.168.0.1:80;http=192.168.0.1:80;https=192.168.0.1:80
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IEExtension Class - {1F6FE2C2-6040-4645-9053-7F689AFFE176} - C:\Program Files\VirusBlast\BlastIEmonitor.dll (file missing)
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5f4c3d09-b3b9-4f88-aa82-31332fee1c08} - C:\WINDOWS\System32\hp100.tmp
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\masalert.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\RunServices: [secures23] mssecure.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9C024426-7859-4B2D-AB4C-B1E370AE7549} - http://us.mcafee.com/Apps/WSC/en-us/WscWlanScannerCtrl.cab
O21 - SSODL: altmannsberger - {210b4043-35ca-4aa0-8796-191f9663dfb3} - C:\WINDOWS\System32\vpxnk.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
meong
Suspended due to non-functional email address
8. July 2006 @ 05:20
I've got rid of the annoying alert such as "you're infected blah...blah.. you must install anti-spyware software, click here to get one.." at the lower-right side of the screen and the annoying pop-ups, but the problem is I can't get rid of www.syssecuritysystem.com in my Internet Explorer... please, I need some help, I'm not really good at this type of task. Thanks to all!!! Here are my log files...
I've used Ad-Aware SE, McAfee anti-spyware, ewido, HijackThis BUT can't run SmitfraudFix... help here again please...
By the way, here are the log files....
********************************************************************
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 8:24:58 PM 7/8/2006
+ Scan result:
C:\WINDOWS\system32\ld100.tmp -> Downloader.Zlob.xp : No action taken.
:mozilla.127:C:\Documents and Settings\myrrhlicious\Application Data\Mozilla\Firefox\Profiles\us7xc6g2.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.128:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.149:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.159:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.168:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.41:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.42:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.43:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.44:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.45:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.46:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.47:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.48:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.50:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.163:C:\Documents and Settings\myrrhlicious\Application Data\Mozilla\Firefox\Profiles\us7xc6g2.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.164:C:\Documents and Settings\myrrhlicious\Application Data\Mozilla\Firefox\Profiles\us7xc6g2.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.57:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.58:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.59:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.60:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.61:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.81:C:\Documents and Settings\myrrhlicious\Application Data\Mozilla\Firefox\Profiles\us7xc6g2.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.82:C:\Documents and Settings\myrrhlicious\Application Data\Mozilla\Firefox\Profiles\us7xc6g2.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.83:C:\Documents and Settings\myrrhlicious\Application Data\Mozilla\Firefox\Profiles\us7xc6g2.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.84:C:\Documents and Settings\myrrhlicious\Application Data\Mozilla\Firefox\Profiles\us7xc6g2.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.96:C:\Documents and Settings\myrrhlicious\Application Data\Mozilla\Firefox\Profiles\us7xc6g2.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.165:C:\Documents and Settings\myrrhlicious\Application Data\Mozilla\Firefox\Profiles\us7xc6g2.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.166:C:\Documents and Settings\myrrhlicious\Application Data\Mozilla\Firefox\Profiles\us7xc6g2.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.167:C:\Documents and Settings\myrrhlicious\Application Data\Mozilla\Firefox\Profiles\us7xc6g2.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.168:C:\Documents and Settings\myrrhlicious\Application Data\Mozilla\Firefox\Profiles\us7xc6g2.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.169:C:\Documents and Settings\myrrhlicious\Application Data\Mozilla\Firefox\Profiles\us7xc6g2.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.125:C:\Documents and Settings\myrrhlicious\Application Data\Mozilla\Firefox\Profiles\us7xc6g2.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.156:C:\Documents and Settings\myrrhlicious\Application Data\Mozilla\Firefox\Profiles\us7xc6g2.default\cookies.txt -> TrackingCookie.Bfast : No action taken.
:mozilla.157:C:\Documents and Settings\myrrhlicious\Application Data\Mozilla\Firefox\Profiles\us7xc6g2.default\cookies.txt -> TrackingCookie.Bridgetrack : No action taken.
:mozilla.158:C:\Documents and Settings\myrrhlicious\Application Data\Mozilla\Firefox\Profiles\us7xc6g2.default\cookies.txt -> TrackingCookie.Bridgetrack : No action taken.
:mozilla.159:C:\Documents and Settings\myrrhlicious\Application Data\Mozilla\Firefox\Profiles\us7xc6g2.default\cookies.txt -> TrackingCookie.Bridgetrack : No action taken.
:mozilla.281:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Bridgetrack : No action taken.
:mozilla.282:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Bridgetrack : No action taken.
:mozilla.312:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.76:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Clickbank : No action taken.
:mozilla.84:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Com : No action taken.
:mozilla.126:C:\Documents and Settings\myrrhlicious\Application Data\Mozilla\Firefox\Profiles\us7xc6g2.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.24:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.116:C:\Documents and Settings\myrrhlicious\Application Data\Mozilla\Firefox\Profiles\us7xc6g2.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.117:C:\Documents and Settings\myrrhlicious\Application Data\Mozilla\Firefox\Profiles\us7xc6g2.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.118:C:\Documents and Settings\myrrhlicious\Application Data\Mozilla\Firefox\Profiles\us7xc6g2.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.119:C:\Documents and Settings\myrrhlicious\Application Data\Mozilla\Firefox\Profiles\us7xc6g2.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.120:C:\Documents and Settings\myrrhlicious\Application Data\Mozilla\Firefox\Profiles\us7xc6g2.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.72:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Goclick : No action taken.
:mozilla.73:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Goclick : No action taken.
:mozilla.323:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.103:C:\Documents and Settings\myrrhlicious\Application Data\Mozilla\Firefox\Profiles\us7xc6g2.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.104:C:\Documents and Settings\myrrhlicious\Application Data\Mozilla\Firefox\Profiles\us7xc6g2.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.108:C:\Documents and Settings\myrrhlicious\Application Data\Mozilla\Firefox\Profiles\us7xc6g2.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.109:C:\Documents and Settings\myrrhlicious\Application Data\Mozilla\Firefox\Profiles\us7xc6g2.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.110:C:\Documents and Settings\myrrhlicious\Application Data\Mozilla\Firefox\Profiles\us7xc6g2.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.298:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.299:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.300:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.24:C:\Documents and Settings\myrrhlicious\Application Data\Mozilla\Firefox\Profiles\us7xc6g2.default\cookies.txt -> TrackingCookie.Masterstats : No action taken.
:mozilla.171:C:\Documents and Settings\myrrhlicious\Application Data\Mozilla\Firefox\Profiles\us7xc6g2.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.28:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.176:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.177:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.186:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.182:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Paycounter : No action taken.
:mozilla.29:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.30:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.31:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.32:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.26:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.27:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.201:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Revenue : No action taken.
:mozilla.215:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.216:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.217:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.218:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.59:C:\Documents and Settings\myrrhlicious\Application Data\Mozilla\Firefox\Profiles\us7xc6g2.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.61:C:\Documents and Settings\myrrhlicious\Application Data\Mozilla\Firefox\Profiles\us7xc6g2.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.28:C:\Documents and Settings\myrrhlicious\Application Data\Mozilla\Firefox\Profiles\us7xc6g2.default\cookies.txt -> TrackingCookie.Sexlist : No action taken.
:mozilla.36:C:\Documents and Settings\myrrhlicious\Application Data\Mozilla\Firefox\Profiles\us7xc6g2.default\cookies.txt -> TrackingCookie.Sextracker : No action taken.
:mozilla.37:C:\Documents and Settings\myrrhlicious\Application Data\Mozilla\Firefox\Profiles\us7xc6g2.default\cookies.txt -> TrackingCookie.Sextracker : No action taken.
:mozilla.38:C:\Documents and Settings\myrrhlicious\Application Data\Mozilla\Firefox\Profiles\us7xc6g2.default\cookies.txt -> TrackingCookie.Sextracker : No action taken.
:mozilla.39:C:\Documents and Settings\myrrhlicious\Application Data\Mozilla\Firefox\Profiles\us7xc6g2.default\cookies.txt -> TrackingCookie.Sextracker : No action taken.
:mozilla.60:C:\Documents and Settings\myrrhlicious\Application Data\Mozilla\Firefox\Profiles\us7xc6g2.default\cookies.txt -> TrackingCookie.Sextracker : No action taken.
:mozilla.70:C:\Documents and Settings\myrrhlicious\Application Data\Mozilla\Firefox\Profiles\us7xc6g2.default\cookies.txt -> TrackingCookie.Sextracker : No action taken.
:mozilla.227:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Spinbox : No action taken.
:mozilla.228:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.229:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.230:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.231:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.232:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.233:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.234:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.121:C:\Documents and Settings\myrrhlicious\Application Data\Mozilla\Firefox\Profiles\us7xc6g2.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.122:C:\Documents and Settings\myrrhlicious\Application Data\Mozilla\Firefox\Profiles\us7xc6g2.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.123:C:\Documents and Settings\myrrhlicious\Application Data\Mozilla\Firefox\Profiles\us7xc6g2.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.124:C:\Documents and Settings\myrrhlicious\Application Data\Mozilla\Firefox\Profiles\us7xc6g2.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.237:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.238:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.244:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.245:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.246:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.247:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.248:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.249:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.250:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.287:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.134:C:\Documents and Settings\myrrhlicious\Application Data\Mozilla\Firefox\Profiles\us7xc6g2.default\cookies.txt -> TrackingCookie.Webtrendslive : No action taken.
:mozilla.149:C:\Documents and Settings\myrrhlicious\Application Data\Mozilla\Firefox\Profiles\us7xc6g2.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.150:C:\Documents and Settings\myrrhlicious\Application Data\Mozilla\Firefox\Profiles\us7xc6g2.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.151:C:\Documents and Settings\myrrhlicious\Application Data\Mozilla\Firefox\Profiles\us7xc6g2.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.268:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.269:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.55:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.56:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.264:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.265:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.266:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
C:\WINDOWS\system32\1024 -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld20D7.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld2752.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld2F99.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld324D.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld3964.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld434A.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld4CAF.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld5997.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld5BF4.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld6DA8.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld7F0F.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldBBA2.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldCD76.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldDCD9.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldED19.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldF61.tmp -> Trojan.Small : No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\\kernel32.dll -> Trojan.Small : No action taken.
D:\Recycled\Dd45\revolt.dll -> Trojan.Zapchast : No action taken.
::Report end
**********************************************************************
Logfile of HijackThis v1.99.1
Scan saved at 9:19:38 PM, on 7/8/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\progra~1\mcafee\mcafee antispyware\massrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\dcomcfg.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\System32\wuauclt.exe
C:\progra~1\mcafee\MCAFEE~1\masalert.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\MSMSGS.EXE
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Documents and Settings\meong\Desktop\mozilla downloads\hijackthis1991.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=192.168.0.1:1080;gopher=192.168.0.1:80;http=192.168.0.1:80;https=192.168.0.1:80
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IEExtension Class - {1F6FE2C2-6040-4645-9053-7F689AFFE176} - C:\Program Files\VirusBlast\BlastIEmonitor.dll (file missing)
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5f4c3d09-b3b9-4f88-aa82-31332fee1c08} - C:\WINDOWS\System32\hp100.tmp
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\masalert.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [secures23] mssecure.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9C024426-7859-4B2D-AB4C-B1E370AE7549} - http://us.mcafee.com/Apps/WSC/en-us/WscWlanScannerCtrl.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: altmannsberger - {210b4043-35ca-4aa0-8796-191f9663dfb3} - C:\WINDOWS\System32\vpxnk.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
|
meong
Suspended due to non-functional email address
|
8. July 2006 @ 09:04 |
|
Finally, I've already done a scan using SmitFraudFix...
Here again are the logs, please help me guys...
Logfile of HijackThis v1.99.1
Scan saved at 12:16:18 AM, on 7/9/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\progra~1\mcafee\mcafee antispyware\massrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\dcomcfg.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\progra~1\mcafee\MCAFEE~1\masalert.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Messenger\MSMSGS.EXE
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\hijackthis1991.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=192.168.0.1:1080;gopher=192.168.0.1:80;http=192.168.0.1:80;https=192.168.0.1:80
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IEExtension Class - {1F6FE2C2-6040-4645-9053-7F689AFFE176} - C:\Program Files\VirusBlast\BlastIEmonitor.dll (file missing)
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5f4c3d09-b3b9-4f88-aa82-31332fee1c08} - C:\WINDOWS\System32\hp100.tmp
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\masalert.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [secures23] mssecure.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9C024426-7859-4B2D-AB4C-B1E370AE7549} - http://us.mcafee.com/Apps/WSC/en-us/WscWlanScannerCtrl.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: altmannsberger - {210b4043-35ca-4aa0-8796-191f9663dfb3} - C:\WINDOWS\System32\vpxnk.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
***************************************************************************
EWIDO
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 12:57:17 AM 7/9/2006
+ Scan result:
:mozilla.138:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.159:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.169:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.178:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.53:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.54:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.56:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.57:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.58:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.59:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.60:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.61:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.62:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\meong\Cookies\meong@microsoftwga.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
:mozilla.67:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.68:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.69:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.70:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.71:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\meong\Cookies\meong@atdmt[1].txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.282:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Bridgetrack : No action taken.
:mozilla.283:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Bridgetrack : No action taken.
:mozilla.313:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.86:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Clickbank : No action taken.
:mozilla.94:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Com : No action taken.
:mozilla.7:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Cqcounter : No action taken.
:mozilla.38:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\meong\Cookies\meong@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.82:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Goclick : No action taken.
:mozilla.83:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Goclick : No action taken.
:mozilla.324:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.299:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.300:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.301:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.42:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.184:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.185:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.194:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.190:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Paycounter : No action taken.
:mozilla.43:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.44:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.45:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.46:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.40:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.41:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.209:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Revenue : No action taken.
:mozilla.223:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.224:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.225:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.226:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.235:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Spinbox : No action taken.
:mozilla.26:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.27:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.28:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.29:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.30:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.31:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.32:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.238:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.239:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.245:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.246:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.247:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.248:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.249:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.250:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.251:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.288:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.269:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.270:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.65:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.66:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.265:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.266:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.267:C:\Documents and Settings\meong\Application Data\Mozilla\Firefox\Profiles\jc9o0w55.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
::Report end
***************************************************************************
SmitFraudFix v2.68b
Scan done at 0:11:55.65, Sun 07/09/2006
Run from C:\Documents and Settings\meong\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\dcomcfg.exe FOUND !
C:\WINDOWS\system32\hp???.tmp FOUND !
C:\WINDOWS\system32\hp????.tmp FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\simpole.tlb FOUND !
C:\WINDOWS\system32\stdole3.tlb FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\meong\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\meong\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"altmannsberger"="{210b4043-35ca-4aa0-8796-191f9663dfb3}"
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
|
Senior Member
|
8. July 2006 @ 13:47 |
Link to this message
|
Hi meong
Restart your computer in safe mode -> http://www.pchell.com/support/safemode.shtml
When in safe mode, open the SmitfraudFix folder and double-click the file smitfraudfix.cmd
Choose option #2 - Clean by typing 2 and pressing "Enter" in order to remove the infected files.
You are asked: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove your desktop wallpaper and the infected registry keys.
The tool checks if wininet.dll file is infected. You might be asked to replace the infected .dll (if found); answer "Yes" by typing Y and press "Enter".
The tool might have to restart your computer; if it doesn't, restart your computer back to normal mode.
A text file will appear after the cleaning process; copy this file and paste it here.
The log is saved to your local disk drive, usually C:\rapport.txt.
Warning: Running option 2 on a clean computer will delete your desktop wallpaper.
Scan hijack and send a fresh log and rapport.txt
|
meong
Suspended due to non-functional email address
|
8. July 2006 @ 17:44 |
Link to this message
|
Thanks Tapiiri for the help, hope it will be OK by now. Here is the log file you asked me for...
SmitFraudFix v2.68b
Scan done at 9:34:39.32, Sun 07/09/2006
Run from C:\Documents and Settings\meong\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
Logfile of HijackThis v1.99.1
Scan saved at 9:43:29 AM, on 7/9/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\progra~1\mcafee\mcafee antispyware\massrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\progra~1\mcafee\MCAFEE~1\masalert.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\System32\wuauclt.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\hijackthis1991.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=192.168.0.1:1080;gopher=192.168.0.1:80;http=192.168.0.1:80;https=192.168.0.1:80
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IEExtension Class - {1F6FE2C2-6040-4645-9053-7F689AFFE176} - C:\Program Files\VirusBlast\BlastIEmonitor.dll (file missing)
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\masalert.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [secures23] mssecure.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9C024426-7859-4B2D-AB4C-B1E370AE7549} - http://us.mcafee.com/Apps/WSC/en-us/WscWlanScannerCtrl.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Thanks!
|
Senior Member
|
8. July 2006 @ 23:57 |
Link to this message
|
Hi meong.
As you see Ewido didn't remove anything
-> Open Ewido Anti-Spyware
-> Click the Update icon at the top of the window
-> Click the Start update button
-> Wait for the update to download and install
-> Quit the program, we'll use this later.
Scan hijack and check:
O4 - HKLM\..\RunServices: [secures23] mssecure.exe
Close all programs except hijack and click fix checked.
Restart your computer in safe mode -> http://www.pchell.com/support/safemode.shtml
Delete
mssecure.exe
Probably it finds:
C:\WINDOWS\System32\mssecure.exe
-> Open Ewido Anti-Spyware
-> Click the Scanner icon at the top of the window
-> Click the Settings tab then select Recommended Options and choose Quarantine
-> Click the Scan tab
-> Select Complete System Scan. The scanning begins.
-> When the scan has completed:
-> If infections were found you'll be prompted about what to do.
-> Please make sure that the Set all elements to is set to Quarantine (in downleft corner of the window)
-> Then press Apply all actions and answer yes to all if it asks about something
-> Click on the Save Scan Report button and save the scan to your Desktop.
-> Copy and paste the scan results into your next post
|
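A sketch of the kind of triage that makes the `secures23` entry stand out, as an added example that is not part of the original posts and is not HijackThis's own logic: it parses the registry O4 lines of the log above and lists entries that sit under a RunServices key or give no absolute path. Both heuristics are assumptions of this example; they produce candidates to research (legitimate entries such as `nwiz` match too), not verdicts.

```python
import re

# Sample input: O4 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\RunServices: [secures23] mssecure.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
"""

# Registry autostart entries look like: O4 - <hive>\..\<key>: [<value name>] <command>
O4_REG = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.*?)\] (.+)$")
# A command is "absolute" if it starts (optionally quoted) with a drive letter or UNC prefix.
ABSOLUTE = re.compile(r'^"?(?:[A-Za-z]:\\|\\\\)')


def triage_o4(log_text):
    """Return registry O4 entries together with the heuristic reasons to review them."""
    findings = []
    for line in log_text.splitlines():
        m = O4_REG.match(line.strip())
        if not m:
            continue  # Startup-folder shortcuts and other sections are out of scope here
        hive, key, name, command = m.groups()
        reasons = []
        # Assumed heuristic: RunServices is a Windows 9x-era key, unusual on an XP machine.
        if key.lower().startswith("runservices"):
            reasons.append("RunServices key")
        # Assumed heuristic: without a full path, the binary that runs depends on search order.
        if not ABSOLUTE.match(command):
            reasons.append("no absolute path")
        if reasons:
            findings.append({"hive": hive, "key": key, "name": name,
                             "command": command, "reasons": reasons})
    # Entries matching more heuristics sort first; ties keep log order.
    return sorted(findings, key=lambda f: -len(f["reasons"]))


if __name__ == "__main__":
    for f in triage_o4(SAMPLE_LOG):
        print("%s\\%s [%s] %s -> %s" % (f["hive"], f["key"], f["name"],
                                        f["command"], ", ".join(f["reasons"])))
```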
meong
Suspended due to non-functional email address
|
9. July 2006 @ 07:36 |
Link to this message
|
Tapiiri thanks for the help, but another problem occurred... when I restarted my computer the system could not boot to Win XP because of the missing "hal.dll" file, and I was forced to reinstall my XP... will the spyware be deleted? Or are there more threats left in my system? Help with this please!! Thanks in advance again!
|
Senior Member
|
10. July 2006 @ 08:00 |
Link to this message
|
What is the comp's hard drive manufacturer?
|
|