
Winfixer and Aurora [CLOSED]



#1
Mami
I have tried to delete the "hosts" file, but it comes right back!

Please refer to the following logfile:
***

Logfile of HijackThis v1.99.1
Scan saved at 21:00:14, on 6-8-2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
c:\norman\win32\nvcsrv.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\system32\stisvc.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\System32\mspmspsv.exe
C:\WINDOWS\system32\svchost.exe
c:\norman\win32\nvcpopup.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Gqtfy\Trquocp.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\apisvc.exe
C:\WINDOWS\System32\secserv.exe
C:\WINDOWS\System32\apisvc.exe
C:\WINDOWS\system\kvjesnojm.exe
C:\WINDOWS\System32\secserv.exe
C:\WINDOWS\System32\internat.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office\1043\msoffice.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\chris\Bureaublad\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.tinybar.com/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\chris\LOCALS~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door Wanadoo Cable v1.3c NL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: 69.31.81.22 www.google.ae
O1 - Hosts: 69.31.81.22 www.google.am
O1 - Hosts: 69.31.81.22 www.google.as
O1 - Hosts: 69.31.81.22 www.google.at
O1 - Hosts: 69.31.81.22 www.google.az
O1 - Hosts: 69.31.81.22 www.google.be
O1 - Hosts: 69.31.81.22 www.google.bi
O1 - Hosts: 69.31.81.22 www.google.ca
O1 - Hosts: 69.31.81.22 www.google.cd
O1 - Hosts: 69.31.81.22 www.google.cg
O1 - Hosts: 69.31.81.22 www.google.ch
O1 - Hosts: 69.31.81.22 www.google.ci
O1 - Hosts: 69.31.81.22 www.google.cl
O1 - Hosts: 69.31.81.22 www.google.co.cr
O1 - Hosts: 69.31.81.22 www.google.co.hu
O1 - Hosts: 69.31.81.22 www.google.co.il
O1 - Hosts: 69.31.81.22 www.google.co.in
O1 - Hosts: 69.31.81.22 www.google.co.je
O1 - Hosts: 69.31.81.22 www.google.co.jp
O1 - Hosts: 69.31.81.22 www.google.co.ke
O1 - Hosts: 69.31.81.22 www.google.co.kr
O1 - Hosts: 69.31.81.22 www.google.co.ls
O1 - Hosts: 69.31.81.22 www.google.co.nz
O1 - Hosts: 69.31.81.22 www.google.co.th
O1 - Hosts: 69.31.81.22 www.google.co.ug
O1 - Hosts: 69.31.81.22 www.google.co.uk
O1 - Hosts: 69.31.81.22 www.google.co.ve
O1 - Hosts: 69.31.81.22 www.google.com
O1 - Hosts: 69.31.81.22 www.google.com.ag
O1 - Hosts: 69.31.81.22 www.google.com.ar
O1 - Hosts: 69.31.81.22 www.google.com.au
O1 - Hosts: 69.31.81.22 www.google.com.br
O1 - Hosts: 69.31.81.22 www.google.com.co
O1 - Hosts: 69.31.81.22 www.google.com.cu
O1 - Hosts: 69.31.81.22 www.google.com.do
O1 - Hosts: 69.31.81.22 www.google.com.ec
O1 - Hosts: 69.31.81.22 www.google.com.fj
O1 - Hosts: 69.31.81.22 www.google.com.gi
O1 - Hosts: 69.31.81.22 www.google.com.gr
O1 - Hosts: 69.31.81.22 www.google.com.gt
O1 - Hosts: 69.31.81.22 www.google.com.hk
O1 - Hosts: 69.31.81.22 www.google.com.ly
O1 - Hosts: 69.31.81.22 www.google.com.mt
O1 - Hosts: 69.31.81.22 www.google.com.mx
O1 - Hosts: 69.31.81.22 www.google.com.my
O1 - Hosts: 69.31.81.22 www.google.com.na
O1 - Hosts: 69.31.81.22 www.google.com.nf
O1 - Hosts: 69.31.81.22 www.google.com.ni
O1 - Hosts: 69.31.81.22 www.google.com.np
O1 - Hosts: 69.31.81.22 www.google.com.pa
O1 - Hosts: 69.31.81.22 www.google.com.pe
O1 - Hosts: 69.31.81.22 www.google.com.ph
O1 - Hosts: 69.31.81.22 www.google.com.pk
O1 - Hosts: 69.31.81.22 www.google.com.pr
O1 - Hosts: 69.31.81.22 www.google.com.py
O1 - Hosts: 69.31.81.22 www.google.com.sa
O1 - Hosts: 69.31.81.22 www.google.com.sg
O1 - Hosts: 69.31.81.22 www.google.com.sv
O1 - Hosts: 69.31.81.22 www.google.com.tr
O1 - Hosts: 69.31.81.22 www.google.com.tw
O1 - Hosts: 69.31.81.22 www.google.com.ua
O1 - Hosts: 69.31.81.22 www.google.com.uy
O1 - Hosts: 69.31.81.22 www.google.com.vc
O1 - Hosts: 69.31.81.22 www.google.com.vn
O1 - Hosts: 69.31.81.22 www.google.de
O1 - Hosts: 69.31.81.22 www.google.dj
O1 - Hosts: 69.31.81.22 www.google.dk
O1 - Hosts: 69.31.81.22 www.google.es
O1 - Hosts: 69.31.81.22 www.google.fi
O1 - Hosts: 69.31.81.22 www.google.fm
O1 - Hosts: 69.31.81.22 www.google.fr
O1 - Hosts: 69.31.81.22 www.google.gg
O1 - Hosts: 69.31.81.22 www.google.gl
O1 - Hosts: 69.31.81.22 www.google.gm
O1 - Hosts: 69.31.81.22 www.google.hn
O1 - Hosts: 69.31.81.22 www.google.ie
O1 - Hosts: 69.31.81.22 www.google.it
O1 - Hosts: 69.31.81.22 www.google.kz
O1 - Hosts: 69.31.81.22 www.google.li
O1 - Hosts: 69.31.81.22 www.google.lt
O1 - Hosts: 69.31.81.22 www.google.lu
O1 - Hosts: 69.31.81.22 www.google.lv
O1 - Hosts: 69.31.81.22 www.google.mn
O1 - Hosts: 69.31.81.22 www.google.ms
O1 - Hosts: 69.31.81.22 www.google.mu
O1 - Hosts: 69.31.81.22 www.google.mw
O1 - Hosts: 69.31.81.22 www.google.nl
O1 - Hosts: 69.31.81.22 www.google.no
O1 - Hosts: 69.31.81.22 www.google.off.ai
O1 - Hosts: 69.31.81.22 www.google.pl
O1 - Hosts: 69.31.81.22 www.google.pn
O1 - Hosts: 69.31.81.22 www.google.pt
O1 - Hosts: 69.31.81.22 www.google.ro
O1 - Hosts: 69.31.81.22 www.google.ru
O1 - Hosts: 69.31.81.22 www.google.rw
O1 - Hosts: 69.31.81.22 www.google.se
O1 - Hosts: 69.31.81.22 www.google.sh
O1 - Hosts: 69.31.81.22 www.google.sk
O1 - Hosts: 69.31.81.22 www.google.sm
O1 - Hosts: 69.31.81.22 www.google.td
O1 - Hosts: 69.31.81.22 www.google.tm
O2 - BHO: (no name) - {5483427F-93B8-1470-5A89-E6B56484CDB2} - C:\DOCUME~1\chris\LOCALS~1\Temp\kderqpirspc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WINSTA~1.EXE] C:\WINDOWS\System\WINSTA~1.EXE -b
O4 - HKLM\..\Run: [SZMsgSvc.exe] C:\Program Files\STOPzilla!\SZMsgSvc.exe
O4 - HKLM\..\Run: [Casema Installatie] D:\Install\casema.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Anon2005] C:\Program Files\Anonymizer\Anon2005\Anon2005.exe
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot
O4 - HKLM\..\Run: [Yeeyu] C:\Program Files\Gqtfy\Trquocp.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [I1B8Gv4s] C:\WINDOWS\ocqlhsi.exe
O4 - HKLM\..\Run: [Traybar] C:\WINDOWS\lsass.exe
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka62.exe
O4 - HKLM\..\Run: [sF9f35g] dvdcp.exe
O4 - HKLM\..\Run: [pdiufa] c:\windows\system32\laalhjc.exe r
O4 - HKLM\..\Run: [apisvc.exe] C:\WINDOWS\System32\apisvc.exe
O4 - HKLM\..\Run: [secserv.exe] C:\WINDOWS\System32\secserv.exe
O4 - HKLM\..\Run: [PSGuard spyware remover] C:\Program Files\PSGuard\PSGuard.exe
O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe
O4 - HKLM\..\Run: [C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\jolnaa.exe reg_run
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Spyware Vanisher] C:\Documents and Settings\chris\Bureaublad\FreeScanner.exe -FastScan
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ANONYMIZER_SPYWAREKILLER] C:\Program Files\Anonymizer\Anti-Spyware\AnonAntiSpyware.exe /BOOT
O4 - HKCU\..\Run: [doqpRRM7U] aaaomcx.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Winipcfg - {A9F12806-7B5B-4FFE-9BE7-C42518ED52C3} - C:\WINDOWS\Winipcfg.exe (file missing) (HKCU)
O13 - WWW. Prefix: http://
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.nl
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.../ST/ActiveX.ocx
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150...tzip/RdxIE2.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c...ymmapi_0727.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} (CBrowser Class) - http://www.streaming...MINIBrowser.CAB
O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} - http://fdl.msn.com/p...at/msnchat4.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.c...bio5_3_16_0.cab
O18 - Protocol: bw+0 - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {7A4F6ABA-45F2-4AE0-BA3C-0EC88EC341B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - C:\WINDOWS\System32\qlink32.dll
O18 - Filter: text/plain - (no CLSID) - (no file)
O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\sKmlib.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: Logical Disk Manager Administrative-service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe (file missing)
O23 - Service: Norman Virus Control (NvcSrv) - Unknown owner - c:\norman\win32\nvcsrv.exe

***

Thanks for the help in advance!

Edited by Mami, 07 August 2005 - 02:23 AM.
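
A triage sketch for the kind of log posted above, added here as an example; it is not part of the original thread and not HijackThis's own code. It parses the O1 and O4 lines, reports any public IP address that several hostnames are redirected to, and flags Run entries that start a core Windows process name from outside system32, as the `Traybar` entry does. The threshold, the process-name list and all function names are assumptions of this example.

```python
import ipaddress
import ntpath
import re
from collections import defaultdict

# Lines excerpted from the HijackThis log in the post above. The 127.0.0.1
# line is constructed for this example to show an entry that is not flagged.
SAMPLE_LOG = r"""
O1 - Hosts: 69.31.81.22 www.google.com
O1 - Hosts: 69.31.81.22 www.google.co.uk
O1 - Hosts: 69.31.81.22 www.google.nl
O1 - Hosts: 69.31.81.22 www.google.de
O1 - Hosts: 127.0.0.1 ads.example.test
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Traybar] C:\WINDOWS\lsass.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
"""

O1_RE = re.compile(r"^O1 - Hosts: (\S+)\s+(\S+)")
O4_RE = re.compile(r"^O4 - (HK(?:LM|CU))\\\.\.\\Run\w*: \[(.+?)\] (.+)$")

# Process names that Windows itself starts from system32 (assumed list,
# kept short on purpose; extend it for your own baseline).
SYSTEM32_ONLY = {"lsass.exe", "services.exe", "winlogon.exe",
                 "smss.exe", "svchost.exe", "spoolsv.exe"}


def parse_log(text):
    """Return (hosts, runs): [(ip, hostname)] and [(hive, name, command)]."""
    hosts, runs = [], []
    for line in text.splitlines():
        line = line.strip()
        m = O1_RE.match(line)
        if m:
            hosts.append((m.group(1), m.group(2).lower()))
            continue
        m = O4_RE.match(line)
        if m:
            runs.append((m.group(1), m.group(2), m.group(3)))
    return hosts, runs


def redirected_hosts(hosts, min_names=3):
    """Map each public IP to the hostnames pinned to it, if >= min_names."""
    by_ip = defaultdict(set)
    for ip, name in hosts:
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # malformed address field: ignore the entry
        # Loopback and private targets are common in blocklists and
        # intranet setups; only globally routable targets are counted.
        if addr.is_global:
            by_ip[ip].add(name)
    return {ip: sorted(names) for ip, names in by_ip.items()
            if len(names) >= min_names}


def exe_path(command):
    """Extract the executable path from a Run-key command line."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    # Unquoted paths may contain spaces, so cut at the first ".exe".
    m = re.match(r"(.+?\.exe)\b", command, re.IGNORECASE)
    return m.group(1) if m else command.split()[0]


def misplaced_system_binaries(runs):
    """Flag Run entries whose file name imitates a system32 process."""
    findings = []
    for hive, name, command in runs:
        path = exe_path(command)
        folder, base = ntpath.split(path)
        if (base.lower() in SYSTEM32_ONLY and folder
                and not folder.lower().endswith("\\system32")):
            findings.append((hive, name, path))
    return findings


if __name__ == "__main__":
    hosts, runs = parse_log(SAMPLE_LOG)
    for ip, names in redirected_hosts(hosts).items():
        print(f"hosts redirect: {len(names)} names -> {ip}")
    for hive, name, path in misplaced_system_binaries(runs):
        print(f"suspicious autorun: {hive} [{name}] {path}")
```
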



#2
didom
What a spyware :tazz:

I see you are using AdwareAlert and Spyware Vanisher. They are "Spyware removers" of dubious repute - see Spyware Warrior's Rogue List. So I highly recommend uninstalling them!

I also see you are using Logitech Desktop Manager. If you don't use that program please uninstall it too.


Start--> Control Panel--> Add or Remove Programs--> Uninstall (if found) any instances of:
AdwareAlert
Spyware Vanisher
Logitech Desktop Manager (if you don't use it)
Windows AFA Internet Enhancement (if it exists)

Then reboot your computer.

-------------------------------------


Download CWShredder

Download SpSeHjfix.zip to the desktop. Then right click on the desktop and select New > Folder, name it spfix, and unzip SpSeHjfix.zip into the new folder.

Disconnect from the net and Close ALL OPEN PROGRAMS.
Run 'SpSeHjfix' and click on "Start Disinfection".
When it's finished it will reboot your machine to finish the cleaning process.
The tool creates a log of the fix which will appear in the folder.

If it doesn't find any of the SE files or any hidden reinstallers, it will say system clean and not go on to the next stage.

Once it is finished, run CWShredder - Hit The FIX button!

Reboot and then move to the next part of the fix

Warning Note: On a few occasions it has been reported that after using the SPSEHjfix you cannot open Internet Explorer. To fix this, go into Control Panel >Internet Options >Programs & press reset web settings, then you can set your home page to what you want on the general tab.

-----------------------------------------

Download CCleaner and install it. (Please do not run the CCleaner utility yet.)

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

Scan again with HijackThis and check the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.tinybar.com/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\chris\LOCALS~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: 69.31.81.22 www.google.ae
O1 - Hosts: 69.31.81.22 www.google.am
O1 - Hosts: 69.31.81.22 www.google.as
O1 - Hosts: 69.31.81.22 www.google.at
O1 - Hosts: 69.31.81.22 www.google.az
O1 - Hosts: 69.31.81.22 www.google.be
O1 - Hosts: 69.31.81.22 www.google.bi
O1 - Hosts: 69.31.81.22 www.google.ca
O1 - Hosts: 69.31.81.22 www.google.cd
O1 - Hosts: 69.31.81.22 www.google.cg
O1 - Hosts: 69.31.81.22 www.google.ch
O1 - Hosts: 69.31.81.22 www.google.ci
O1 - Hosts: 69.31.81.22 www.google.cl
O1 - Hosts: 69.31.81.22 www.google.co.cr
O1 - Hosts: 69.31.81.22 www.google.co.hu
O1 - Hosts: 69.31.81.22 www.google.co.il
O1 - Hosts: 69.31.81.22 www.google.co.in
O1 - Hosts: 69.31.81.22 www.google.co.je
O1 - Hosts: 69.31.81.22 www.google.co.jp
O1 - Hosts: 69.31.81.22 www.google.co.ke
O1 - Hosts: 69.31.81.22 www.google.co.kr
O1 - Hosts: 69.31.81.22 www.google.co.ls
O1 - Hosts: 69.31.81.22 www.google.co.nz
O1 - Hosts: 69.31.81.22 www.google.co.th
O1 - Hosts: 69.31.81.22 www.google.co.ug
O1 - Hosts: 69.31.81.22 www.google.co.uk
O1 - Hosts: 69.31.81.22 www.google.co.ve
O1 - Hosts: 69.31.81.22 www.google.com
O1 - Hosts: 69.31.81.22 www.google.com.ag
O1 - Hosts: 69.31.81.22 www.google.com.ar
O1 - Hosts: 69.31.81.22 www.google.com.au
O1 - Hosts: 69.31.81.22 www.google.com.br
O1 - Hosts: 69.31.81.22 www.google.com.co
O1 - Hosts: 69.31.81.22 www.google.com.cu
O1 - Hosts: 69.31.81.22 www.google.com.do
O1 - Hosts: 69.31.81.22 www.google.com.ec
O1 - Hosts: 69.31.81.22 www.google.com.fj
O1 - Hosts: 69.31.81.22 www.google.com.gi
O1 - Hosts: 69.31.81.22 www.google.com.gr
O1 - Hosts: 69.31.81.22 www.google.com.gt
O1 - Hosts: 69.31.81.22 www.google.com.hk
O1 - Hosts: 69.31.81.22 www.google.com.ly
O1 - Hosts: 69.31.81.22 www.google.com.mt
O1 - Hosts: 69.31.81.22 www.google.com.mx
O1 - Hosts: 69.31.81.22 www.google.com.my
O1 - Hosts: 69.31.81.22 www.google.com.na
O1 - Hosts: 69.31.81.22 www.google.com.nf
O1 - Hosts: 69.31.81.22 www.google.com.ni
O1 - Hosts: 69.31.81.22 www.google.com.np
O1 - Hosts: 69.31.81.22 www.google.com.pa
O1 - Hosts: 69.31.81.22 www.google.com.pe
O1 - Hosts: 69.31.81.22 www.google.com.ph
O1 - Hosts: 69.31.81.22 www.google.com.pk
O1 - Hosts: 69.31.81.22 www.google.com.pr
O1 - Hosts: 69.31.81.22 www.google.com.py
O1 - Hosts: 69.31.81.22 www.google.com.sa
O1 - Hosts: 69.31.81.22 www.google.com.sg
O1 - Hosts: 69.31.81.22 www.google.com.sv
O1 - Hosts: 69.31.81.22 www.google.com.tr
O1 - Hosts: 69.31.81.22 www.google.com.tw
O1 - Hosts: 69.31.81.22 www.google.com.ua
O1 - Hosts: 69.31.81.22 www.google.com.uy
O1 - Hosts: 69.31.81.22 www.google.com.vc
O1 - Hosts: 69.31.81.22 www.google.com.vn
O1 - Hosts: 69.31.81.22 www.google.de
O1 - Hosts: 69.31.81.22 www.google.dj
O1 - Hosts: 69.31.81.22 www.google.dk
O1 - Hosts: 69.31.81.22 www.google.es
O1 - Hosts: 69.31.81.22 www.google.fi
O1 - Hosts: 69.31.81.22 www.google.fm
O1 - Hosts: 69.31.81.22 www.google.fr
O1 - Hosts: 69.31.81.22 www.google.gg
O1 - Hosts: 69.31.81.22 www.google.gl
O1 - Hosts: 69.31.81.22 www.google.gm
O1 - Hosts: 69.31.81.22 www.google.hn
O1 - Hosts: 69.31.81.22 www.google.ie
O1 - Hosts: 69.31.81.22 www.google.it
O1 - Hosts: 69.31.81.22 www.google.kz
O1 - Hosts: 69.31.81.22 www.google.li
O1 - Hosts: 69.31.81.22 www.google.lt
O1 - Hosts: 69.31.81.22 www.google.lu
O1 - Hosts: 69.31.81.22 www.google.lv
O1 - Hosts: 69.31.81.22 www.google.mn
O1 - Hosts: 69.31.81.22 www.google.ms
O1 - Hosts: 69.31.81.22 www.google.mu
O1 - Hosts: 69.31.81.22 www.google.mw
O1 - Hosts: 69.31.81.22 www.google.nl
O1 - Hosts: 69.31.81.22 www.google.no
O1 - Hosts: 69.31.81.22 www.google.off.ai
O1 - Hosts: 69.31.81.22 www.google.pl
O1 - Hosts: 69.31.81.22 www.google.pn
O1 - Hosts: 69.31.81.22 www.google.pt
O1 - Hosts: 69.31.81.22 www.google.ro
O1 - Hosts: 69.31.81.22 www.google.ru
O1 - Hosts: 69.31.81.22 www.google.rw
O1 - Hosts: 69.31.81.22 www.google.se
O1 - Hosts: 69.31.81.22 www.google.sh
O1 - Hosts: 69.31.81.22 www.google.sk
O1 - Hosts: 69.31.81.22 www.google.sm
O1 - Hosts: 69.31.81.22 www.google.td
O1 - Hosts: 69.31.81.22 www.google.tm
O2 - BHO: (no name) - {5483427F-93B8-1470-5A89-E6B56484CDB2} - C:\DOCUME~1\chris\LOCALS~1\Temp\kderqpirspc.dll
O4 - HKLM\..\Run: [WINSTA~1.EXE] C:\WINDOWS\System\WINSTA~1.EXE -b
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot
O4 - HKLM\..\Run: [Yeeyu] C:\Program Files\Gqtfy\Trquocp.exe
O4 - HKLM\..\Run: [I1B8Gv4s] C:\WINDOWS\ocqlhsi.exe
O4 - HKLM\..\Run: [Traybar] C:\WINDOWS\lsass.exe
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka62.exe
O4 - HKLM\..\Run: [sF9f35g] dvdcp.exe
O4 - HKLM\..\Run: [pdiufa] c:\windows\system32\laalhjc.exe r
O4 - HKLM\..\Run: [apisvc.exe] C:\WINDOWS\System32\apisvc.exe
O4 - HKLM\..\Run: [secserv.exe] C:\WINDOWS\System32\secserv.exe
O4 - HKLM\..\Run: [PSGuard spyware remover] C:\Program Files\PSGuard\PSGuard.exe
O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe
O4 - HKLM\..\Run: [C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\jolnaa.exe reg_run
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Spyware Vanisher] C:\Documents and Settings\chris\Bureaublad\FreeScanner.exe -FastScan
O4 - HKCU\..\Run: [ANONYMIZER_SPYWAREKILLER] C:\Program Files\Anonymizer\Anti-Spyware\AnonAntiSpyware.exe /BOOT
O4 - HKCU\..\Run: [doqpRRM7U] aaaomcx.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O13 - WWW. Prefix: http://
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.../ST/ActiveX.ocx
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150...tzip/RdxIE2.cab
O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - C:\WINDOWS\System32\qlink32.dll
O18 - Filter: text/plain - (no CLSID) - (no file)

After checking these items, close all browser windows except HijackThis and click "Fix checked".

Make sure all hidden files and folders are visible (Instructions)
Reboot your computer into safe mode (Instructions)

Find and delete these files and folders (if they are still there):
Files:
C:\WINDOWS\lsass.exe (Make sure you delete the right Isass.exe)
C:\Documents and Settings\chris\Bureaublad\FreeScanner.exe
C:\WINDOWS\System\WINSTA~1.EXE
C:\WINDOWS\System32\internat.exe
C:\WINDOWS\System32\secserv.exe
C:\WINDOWS\System32\qlink32.dll
C:\WINDOWS\System32\apisvc.exe
C:\WINDOWS\System32\jolnaa.exe
C:\WINDOWS\etb\pokapoka62.exe
c:\windows\system32\laalhjc.exe
C:\WINDOWS\web\related.htm
C:\WINDOWS\VCMnet11.exe
C:\WINDOWS\ocqlhsi.exe

Folders:
C:\Program Files\AdwareAlert
C:\Program Files\Anonymizer
C:\Program Files\PSGuard
C:\Program Files\Gqtfy

Start CCleaner, click Run CCleaner (bottom right)

Run Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • NOTE: During some scans with ewido it is finding cases of false positives.
  • You will need to step through the process of cleaning files one-by-one.
  • If ewido detects a file you KNOW to be legitimate, select none as the action.
  • DO NOT select "Perform action on all infections"
  • If you are unsure of any entry found select none for now.
  • When the scan is finished, click the Save report button at the bottom of the screen.
  • Save the report to your desktop
Close Ewido

Reboot back into Windows then please post a new HijackThis Log, and the Ewido Log by using Add Reply.
Let us know if any problems persist.

Edited by didom, 07 August 2005 - 06:41 AM.

#3
Mami

I'm back... They cut off the Internet connection due to the amount of viruses and spyware that was spreading from this particular computer.

I followed your steps, but the Shredder didn't seem to work, so I went on to continue the other steps. Also, the Anonymizer is a program we do use, so I could not delete it either. Perhaps I will have to look at it and delete only the so-called "Anti-Spyware" part of it.

After a new HijackThis-log, I noticed not much has changed, so I do not think this is over yet...
Also, the PSGuard is still on here somehow, as I could see it in my bar on the bottom right...

HijackThis log:
***
Logfile of HijackThis v1.99.1
Scan saved at 15:33:03, on 9-8-2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\norman\win32\nvcsrv.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\system32\stisvc.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
c:\norman\win32\nvcpopup.exe
C:\WINDOWS\System32\mspmspsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\apisvc.exe
C:\WINDOWS\System32\apisvc.exe
C:\WINDOWS\System32\secserv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\secserv.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office\1043\msoffice.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Documents and Settings\chris\Bureaublad\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\chris\LOCALS~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.nl
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door Wanadoo Cable v1.3c NL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O1 - Hosts: 69.31.81.22 www.google.ae
O1 - Hosts: 69.31.81.22 www.google.am
O1 - Hosts: 69.31.81.22 www.google.as
O1 - Hosts: 69.31.81.22 www.google.at
O1 - Hosts: 69.31.81.22 www.google.az
O1 - Hosts: 69.31.81.22 www.google.be
O1 - Hosts: 69.31.81.22 www.google.bi
O1 - Hosts: 69.31.81.22 www.google.ca
O1 - Hosts: 69.31.81.22 www.google.cd
O1 - Hosts: 69.31.81.22 www.google.cg
O1 - Hosts: 69.31.81.22 www.google.ch
O1 - Hosts: 69.31.81.22 www.google.ci
O1 - Hosts: 69.31.81.22 www.google.cl
O1 - Hosts: 69.31.81.22 www.google.co.cr
O1 - Hosts: 69.31.81.22 www.google.co.hu
O1 - Hosts: 69.31.81.22 www.google.co.il
O1 - Hosts: 69.31.81.22 www.google.co.in
O1 - Hosts: 69.31.81.22 www.google.co.je
O1 - Hosts: 69.31.81.22 www.google.co.jp
O1 - Hosts: 69.31.81.22 www.google.co.ke
O1 - Hosts: 69.31.81.22 www.google.co.kr
O1 - Hosts: 69.31.81.22 www.google.co.ls
O1 - Hosts: 69.31.81.22 www.google.co.nz
O1 - Hosts: 69.31.81.22 www.google.co.th
O1 - Hosts: 69.31.81.22 www.google.co.ug
O1 - Hosts: 69.31.81.22 www.google.co.uk
O1 - Hosts: 69.31.81.22 www.google.co.ve
O1 - Hosts: 69.31.81.22 www.google.com
O1 - Hosts: 69.31.81.22 www.google.com.ag
O1 - Hosts: 69.31.81.22 www.google.com.ar
O1 - Hosts: 69.31.81.22 www.google.com.au
O1 - Hosts: 69.31.81.22 www.google.com.br
O1 - Hosts: 69.31.81.22 www.google.com.co
O1 - Hosts: 69.31.81.22 www.google.com.cu
O1 - Hosts: 69.31.81.22 www.google.com.do
O1 - Hosts: 69.31.81.22 www.google.com.ec
O1 - Hosts: 69.31.81.22 www.google.com.fj
O1 - Hosts: 69.31.81.22 www.google.com.gi
O1 - Hosts: 69.31.81.22 www.google.com.gr
O1 - Hosts: 69.31.81.22 www.google.com.gt
O1 - Hosts: 69.31.81.22 www.google.com.hk
O1 - Hosts: 69.31.81.22 www.google.com.ly
O1 - Hosts: 69.31.81.22 www.google.com.mt
O1 - Hosts: 69.31.81.22 www.google.com.mx
O1 - Hosts: 69.31.81.22 www.google.com.my
O1 - Hosts: 69.31.81.22 www.google.com.na
O1 - Hosts: 69.31.81.22 www.google.com.nf
O1 - Hosts: 69.31.81.22 www.google.com.ni
O1 - Hosts: 69.31.81.22 www.google.com.np
O1 - Hosts: 69.31.81.22 www.google.com.pa
O1 - Hosts: 69.31.81.22 www.google.com.pe
O1 - Hosts: 69.31.81.22 www.google.com.ph
O1 - Hosts: 69.31.81.22 www.google.com.pk
O1 - Hosts: 69.31.81.22 www.google.com.pr
O1 - Hosts: 69.31.81.22 www.google.com.py
O1 - Hosts: 69.31.81.22 www.google.com.sa
O1 - Hosts: 69.31.81.22 www.google.com.sg
O1 - Hosts: 69.31.81.22 www.google.com.sv
O1 - Hosts: 69.31.81.22 www.google.com.tr
O1 - Hosts: 69.31.81.22 www.google.com.tw
O1 - Hosts: 69.31.81.22 www.google.com.ua
O1 - Hosts: 69.31.81.22 www.google.com.uy
O1 - Hosts: 69.31.81.22 www.google.com.vc
O1 - Hosts: 69.31.81.22 www.google.com.vn
O1 - Hosts: 69.31.81.22 www.google.de
O1 - Hosts: 69.31.81.22 www.google.dj
O1 - Hosts: 69.31.81.22 www.google.dk
O1 - Hosts: 69.31.81.22 www.google.es
O1 - Hosts: 69.31.81.22 www.google.fi
O1 - Hosts: 69.31.81.22 www.google.fm
O1 - Hosts: 69.31.81.22 www.google.fr
O1 - Hosts: 69.31.81.22 www.google.gg
O1 - Hosts: 69.31.81.22 www.google.gl
O1 - Hosts: 69.31.81.22 www.google.gm
O1 - Hosts: 69.31.81.22 www.google.hn
O1 - Hosts: 69.31.81.22 www.google.ie
O1 - Hosts: 69.31.81.22 www.google.it
O1 - Hosts: 69.31.81.22 www.google.kz
O1 - Hosts: 69.31.81.22 www.google.li
O1 - Hosts: 69.31.81.22 www.google.lt
O1 - Hosts: 69.31.81.22 www.google.lu
O1 - Hosts: 69.31.81.22 www.google.lv
O1 - Hosts: 69.31.81.22 www.google.mn
O1 - Hosts: 69.31.81.22 www.google.ms
O1 - Hosts: 69.31.81.22 www.google.mu
O1 - Hosts: 69.31.81.22 www.google.mw
O1 - Hosts: 69.31.81.22 www.google.nl
O1 - Hosts: 69.31.81.22 www.google.no
O1 - Hosts: 69.31.81.22 www.google.off.ai
O1 - Hosts: 69.31.81.22 www.google.pl
O1 - Hosts: 69.31.81.22 www.google.pn
O1 - Hosts: 69.31.81.22 www.google.pt
O1 - Hosts: 69.31.81.22 www.google.ro
O1 - Hosts: 69.31.81.22 www.google.ru
O1 - Hosts: 69.31.81.22 www.google.rw
O1 - Hosts: 69.31.81.22 www.google.se
O1 - Hosts: 69.31.81.22 www.google.sh
O1 - Hosts: 69.31.81.22 www.google.sk
O1 - Hosts: 69.31.81.22 www.google.sm
O1 - Hosts: 69.31.81.22 www.google.td
O1 - Hosts: 69.31.81.22 www.google.tm
O2 - BHO: (no name) - {5483427F-93B8-1470-5A89-E6B56484CDB2} - C:\DOCUME~1\chris\LOCALS~1\Temp\qjofwtyhefa.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SZMsgSvc.exe] C:\Program Files\STOPzilla!\SZMsgSvc.exe
O4 - HKLM\..\Run: [Casema Installatie] D:\Install\casema.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Anon2005] C:\Program Files\Anonymizer\Anon2005\Anon2005.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [apisvc.exe] C:\WINDOWS\System32\apisvc.exe
O4 - HKLM\..\Run: [secserv.exe] C:\WINDOWS\System32\secserv.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Winipcfg - {A9F12806-7B5B-4FFE-9BE7-C42518ED52C3} - C:\WINDOWS\Winipcfg.exe (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.nl
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c...ymmapi_0727.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} (CBrowser Class) - http://www.streaming...MINIBrowser.CAB
O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} - http://fdl.msn.com/p...at/msnchat4.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.c...bio5_3_16_0.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: Logical Disk Manager Administrative-service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe (file missing)
O23 - Service: Norman Virus Control (NvcSrv) - Unknown owner - c:\norman\win32\nvcsrv.exe
***

And this is the Ewido log:
***
---------------------------------------------------------
ewido security suite - Scan rapport
---------------------------------------------------------

+ Gemaakt op: 15:24:37, 9-8-2005
+ Rapport samenvatting: EC2276F0

+ Scan resultaten:

HKLM\SOFTWARE\Classes\BDESmartInstaller.BDESmartInstaller -> Spyware.BrilliantDigital : Schoongemaakt met een backup
HKLM\SOFTWARE\Classes\BDESmartInstaller.BDESmartInstaller\CurVer -> Spyware.BrilliantDigital : Schoongemaakt met een backup
HKLM\SOFTWARE\Classes\CLSID\{357A87ED-3E5D-437d-B334-DEB7EB4982A3} -> Trojan.Agent.eo : Schoongemaakt met een backup
HKLM\SOFTWARE\Classes\CLSID\{5483427F-93B8-1470-5A89-E6B56484CDB2} -> Spyware.CoolWebSearch : Schoongemaakt met een backup
HKLM\SOFTWARE\Classes\CLSID\{67925165-C4B6-11D2-B9C6-0000E84F59A6} -> Spyware.BrilliantDigital : Schoongemaakt met een backup
HKLM\SOFTWARE\Classes\CLSID\{954814C0-40F3-4249-8528-B4922CD2964E} -> Spyware.HotBar : Schoongemaakt met een backup
HKLM\SOFTWARE\Classes\CLSID\{A54814C0-40F3-4249-8528-B4922CD2964E} -> Spyware.HotBar : Schoongemaakt met een backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5483427F-93B8-1470-5A89-E6B56484CDB2} -> Spyware.CoolWebSearch : Schoongemaakt met een backup
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\69TAPPE9\Harry Potter.com -> Worm.Mydoom.l : Schoongemaakt met een backup
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\69TAPPE9\Harry Potter.exe -> Worm.Mydoom.l : Schoongemaakt met een backup
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\69TAPPE9\Harry Potter.ShareReactor.com -> Worm.Mydoom.l : Schoongemaakt met een backup
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\69TAPPE9\ICQ 4 Lite.com -> Worm.Mydoom.l : Schoongemaakt met een backup
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\69TAPPE9\ICQ 4 Lite.exe -> Worm.Mydoom.l : Schoongemaakt met een backup
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\69TAPPE9\ICQ 4 Lite.ShareReactor.com -> Worm.Mydoom.l : Schoongemaakt met een backup
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\69TAPPE9\index.com -> Worm.Mydoom.l : Schoongemaakt met een backup
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\69TAPPE9\index.exe -> Worm.Mydoom.l : Schoongemaakt met een backup
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\69TAPPE9\index.ShareReactor.com -> Worm.Mydoom.l : Schoongemaakt met een backup
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\69TAPPE9\Kazaa Lite.com -> Worm.Mydoom.l : Schoongemaakt met een backup
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\69TAPPE9\Kazaa Lite.exe -> Worm.Mydoom.l : Schoongemaakt met een backup
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\69TAPPE9\Kazaa Lite.ShareReactor.com -> Worm.Mydoom.l : Schoongemaakt met een backup
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\69TAPPE9\localhost\Harry Potter.com -> Worm.Mydoom.l : Schoongemaakt met een backup
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\69TAPPE9\localhost\Harry Potter.ShareReactor.com -> Worm.Mydoom.l : Schoongemaakt met een backup
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\69TAPPE9\localhost\ICQ 4 Lite.exe -> Worm.Mydoom.l : Schoongemaakt met een backup
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\69TAPPE9\localhost\ICQ 4 Lite.ShareReactor.com -> Worm.Mydoom.l : Schoongemaakt met een backup
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\69TAPPE9\localhost\index.com -> Worm.Mydoom.l : Schoongemaakt met een backup
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\69TAPPE9\localhost\index.exe -> Worm.Mydoom.l : Schoongemaakt met een backup
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\69TAPPE9\localhost\index.ShareReactor.com -> Worm.Mydoom.l : Schoongemaakt met een backup
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\69TAPPE9\localhost\Kazaa Lite.com -> Worm.Mydoom.l : Schoongemaakt met een backup
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\69TAPPE9\localhost\Kazaa Lite.exe -> Worm.Mydoom.l : Schoongemaakt met een backup
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\69TAPPE9\localhost\Kazaa Lite.ShareReactor.com -> Worm.Mydoom.l : Schoongemaakt met een backup
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\69TAPPE9\localhost\Winamp 5.0 (en) Crack.com -> Worm.Mydoom.l : Schoongemaakt met een backup
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\69TAPPE9\localhost\Winamp 5.0 (en) Crack.exe -> Worm.Mydoom.l : Schoongemaakt met een backup
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\69TAPPE9\localhost\Winamp 5.0 (en) Crack.ShareReactor.com -> Worm.Mydoom.l : Schoongemaakt met een backup
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\69TAPPE9\localhost\Winamp 5.0 (en).com -> Worm.Mydoom.l : Schoongemaakt met een backup
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\69TAPPE9\localhost\Winamp 5.0 (en).exe -> Worm.Mydoom.l : Schoongemaakt met een backup
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\69TAPPE9\localhost\Winamp 5.0 (en).ShareReactor.com -> Worm.Mydoom.l : Schoongemaakt met een backup
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\69TAPPE9\localhost\WinRAR.v.3.2.and.key.com -> Worm.Mydoom.l : Schoongemaakt met een backup
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\69TAPPE9\localhost\WinRAR.v.3.2.and.key.exe -> Worm.Mydoom.l : Schoongemaakt met een backup
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\69TAPPE9\localhost\WinRAR.v.3.2.and.key.ShareReactor.com -> Worm.Mydoom.l : Schoongemaakt met een backup
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\69TAPPE9\thebox.nl\Harry Potter.com -> Worm.Mydoom.l : Schoongemaakt met een backup
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\69TAPPE9\thebox.nl\Harry Potter.exe -> Worm.Mydoom.l : Schoongemaakt met een backup
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\69TAPPE9\thebox.nl\Harry Potter.ShareReactor.com -> Worm.Mydoom.l : Schoongemaakt met een backup
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\69TAPPE9\thebox.nl\ICQ 4 Lite.com -> Worm.Mydoom.l : Schoongemaakt met een backup
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\69TAPPE9\thebox.nl\ICQ 4 Lite.exe -> Worm.Mydoom.l : Schoongemaakt met een backup
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\69TAPPE9\thebox.nl\ICQ 4 Lite.ShareReactor.com -> Worm.Mydoom.l : Schoongemaakt met een backup
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\69TAPPE9\thebox.nl\index.com -> Worm.Mydoom.l : Schoongemaakt met een backup
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\69TAPPE9\thebox.nl\index.exe -> Worm.Mydoom.l : Schoongemaakt met een backup
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\69TAPPE9\thebox.nl\index.ShareReactor.com -> Worm.Mydoom.l : Schoongemaakt met een backup
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\69TAPPE9\thebox.nl\Kazaa Lite.exe -> Worm.Mydoom.l : Schoongemaakt met een backup
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\69TAPPE9\thebox.nl\Kazaa Lite.ShareReactor.com -> Worm.Mydoom.l : Schoongemaakt met een backup
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\69TAPPE9\thebox.nl\static\flash\Harry Potter.com -> Worm.Mydoom.l : Schoongemaakt met een backup
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\69TAPPE9\thebox.nl\static\flash\Harry Potter.ShareReactor.com -> Worm.Mydoom.l : Schoongemaakt met een backup
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\69TAPPE9\thebox.nl\static\flash\header\Harry Potter.com -> Worm.Mydoom.l : Schoongemaakt met een backup
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\69TAPPE9\thebox.nl\static\flash\header\Harry Potter.exe -> Worm.Mydoom.l : Schoongemaakt met een backup
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\69TAPPE9\thebox.nl\static\flash\header\Harry Potter.ShareReactor.com -> Worm.Mydoom.l : Schoongemaakt met een backup
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\69TAPPE9\thebox.nl\static\flash\header\header.swf\Harry Potter.com -> Worm.Mydoom.l : Schoongemaakt met een backup
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\69TAPPE9\thebox.nl\static\flash\header\header.swf\Harry Potter.exe -> Worm.Mydoom.l : Schoongemaakt met een backup
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\69TAPPE9\thebox.nl\static\flash\header\header.swf\Harry Potter.ShareReactor.com -> Worm.Mydoom.l : Schoongemaakt met een backup
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\69TAPPE9\thebox.nl\static\flash\header\header.swf\ICQ 4 Lite.com -> Worm.Mydoom.l : Schoongemaakt met een backup
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\69TAPPE9\thebox.nl\static\flash\header\header.swf\ICQ 4 Lite.exe -> Worm.Mydoom.l : Schoongemaakt met een backup
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\69TAPPE9\thebox.nl\static\flash\header\header.swf\ICQ 4 Lite.ShareReactor.com -> Worm.Mydoom.l : Schoongemaakt met een backup
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\69TAPPE9\thebox.nl\static\flash\header\header.swf\index.com -> Worm.Mydoom.l : Schoongemaakt met een backup
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\69TAPPE9\thebox.nl\static\flash\header\header.swf\index.exe -> Worm.Mydoom.l : Schoongemaakt met een backup
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\69TAPPE9\thebox.nl\static\flash\header\header.swf\index.ShareReactor.com -> Worm.Mydoom.l : Schoongemaakt met een backup
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\69TAPPE9\thebox.nl\static\flash\header\header.swf\Kazaa Lite.com -> Worm.Mydoom.l : Schoongemaakt met een backup
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\69TAPPE9\thebox.nl\static\flash\header\header.swf\Kazaa Lite.exe -> Worm.Mydoom.l : Schoongemaakt met een backup
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\69TAPPE9\thebox.nl\static\flash\header\header.swf\Kazaa Lite.ShareReactor.com -> Worm.Mydoom.l : Schoongemaakt met een backup
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\69TAPPE9\thebox.nl\static\flash\header\header.swf\Winamp 5.0 (en) Crack.com -> Worm.Mydoom.l : Schoongemaakt met een backup
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\69TAPPE9\thebox.nl\static\flash\header\header.swf\Winamp 5.0 (en) Crack.exe -> Worm.Mydoom.l : Schoongemaakt met een backup
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\69TAPPE9\thebox.nl\static\flash\header\header.swf\Winamp 5.0 (en) Crack.ShareReactor.com -> Worm.Mydoom.l : Schoongemaakt met een backup
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\69TAPPE9\thebox.nl\static\flash\header\header.swf\Winamp 5.0 (en).exe -> Worm.Mydoom.l : Schoongemaakt met een backup
#4
didom

Are you Dutch? (I am :tazz: )

You need the Internet connection to download a few programs... you/they can shut it off again after you downloaded them.

Download smitRem.exe and save the file to your desktop.
Double click on the file to extract it to its own folder on the desktop.

Place a shortcut to Panda ActiveScan on your desktop.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!

Make sure all hidden files and folders are visible (Instructions)

Next, please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
Scan again with HijackThis and check the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\chris\LOCALS~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
O2 - BHO: (no name) - {5483427F-93B8-1470-5A89-E6B56484CDB2} - C:\DOCUME~1\chris\LOCALS~1\Temp\qjofwtyhefa.dll
O4 - HKLM\..\Run: [apisvc.exe] C:\WINDOWS\System32\apisvc.exe
O4 - HKLM\..\Run: [secserv.exe] C:\WINDOWS\System32\secserv.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe

After checking these items, close all browser windows except HijackThis and click "Fix checked".

Find and delete these files and folders (if they are still there):
Files:
C:\WINDOWS\System32\apisvc.exe
C:\WINDOWS\System32\secserv.exe

Folder:
C:\Program Files\PSGuard

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed. Please post that log along with all others requested in your next reply.

Please run CWShredder, which you downloaded before.

Open Ad-aware and do a full scan. Remove all it finds.


Run Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • NOTE: During some scans with ewido it is finding cases of false positives.
  • You will need to step through the process of cleaning files one-by-one.
  • If ewido detects a file you KNOW to be legitimate, select none as the action.
  • DO NOT select "Perform action on all infections"
  • If you are unsure of any entry found select none for now.
  • When the scan is finished, click the Save report button at the bottom of the screen.
  • Save the report to your desktop
Close Ewido

Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

Reboot back into Windows and click the Panda ActiveScan shortcut, then do a full system scan.
Save the scan log and post it along with a new HijackThis Log, the contents of the smitfiles.txt (C:\smitfiles.txt) log and the Ewido Log by using Add Reply.
Let us know if any problems persist.
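
Added example, not part of the original post and not code from HijackThis or any tool named in this thread: HijackThis reports hosts-file entries as `O1 - Hosts: <address> <hostname>` lines, and this sketch groups them by address to show which non-local address a set of hostnames has been redirected to. The function names, the `min_hosts` threshold and the sample log are assumptions; the sample is constructed and uses a documentation-range address.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in HijackThis log format. The redirect address is from the
# documentation range (TEST-NET-3), not an address taken from the thread.
SAMPLE_LOG = """\
Logfile of HijackThis v1.99.1
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 0.0.0.0 ads.example.net
O1 - Hosts: 203.0.113.22 www.google.com
O1 - Hosts: 203.0.113.22 www.google.nl
O1 - Hosts: 203.0.113.22 www.google.co.uk
O1 - Hosts: not-an-ip www.example.org
O4 - HKLM\\..\\Run: [apisvc.exe] C:\\WINDOWS\\System32\\apisvc.exe
"""

# One O1 line: the prefix, an address token, a hostname token.
O1_LINE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")


def parse_hosts_entries(log_text):
    """Return (entries, malformed).

    entries   -- list of (ip_address object, lowercase hostname)
    malformed -- O1 lines whose address does not parse; kept for manual
                 review instead of being dropped silently.
    """
    entries, malformed = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line.startswith("O1 - Hosts:"):
            continue  # other HijackThis sections (R1, O2, O4, ...) are ignored
        match = O1_LINE.match(line)
        if not match:
            malformed.append(line)
            continue
        try:
            address = ipaddress.ip_address(match.group(1))
        except ValueError:
            malformed.append(line)
            continue
        entries.append((address, match.group(2).lower()))
    return entries, malformed


def find_redirections(entries, min_hosts=2):
    """Group hostnames by the non-local address they are pinned to.

    Loopback and unspecified addresses are skipped: they are what ordinary
    localhost and ad-blocking entries use. An address that receives at least
    min_hosts hostnames is reported as a redirection worth investigating.
    """
    by_address = defaultdict(set)
    for address, hostname in entries:
        if address.is_loopback or address.is_unspecified:
            continue
        by_address[address].add(hostname)
    return {
        str(address): sorted(hostnames)
        for address, hostnames in by_address.items()
        if len(hostnames) >= min_hosts
    }


if __name__ == "__main__":
    parsed, bad_lines = parse_hosts_entries(SAMPLE_LOG)
    for address, hostnames in find_redirections(parsed).items():
        print(f"{address} receives {len(hostnames)} hostnames: {', '.join(hostnames)}")
    for line in bad_lines:
        print(f"unparsed O1 line: {line}")
```
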
#5
didom

We need some more information about this infection, so could you please (before you are going to do the fix above) make a log with Silent Runners:

Download Silent Runners
Unzip it to a permanent folder.
Start SilentRunners.vbs
If your antivirus gives an alert, do not block this. Allow the script.
Copy and paste the content of the text file you get afterwards in your next reply.

After that you can do the fix above!
#6
Mami

Silent Runners:
***

"Silent Runners.vbs", revision 39, http://www.silentrunners.org/
Operating System: Windows 2000
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"internat.exe" = "internat.exe" [file not found]
"msnmsgr" = ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background" [MS]
"Yahoo! Pager" = "C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet" ["Yahoo! Inc."]
"Spyware Doctor" = ""C:\Program Files\Spyware Doctor\swdoctor.exe" /Q" ["PCTools"]
"LogitechSoftwareUpdate" = ""C:\Program Files\Logitech\Video\ManifestEngine.exe" boot" ["Logitech Inc."]
"ANONYMIZER_SPYWAREKILLER" = "C:\Program Files\Anonymizer\Anti-Spyware\AnonAntiSpyware.exe /BOOT" ["Anonymizer.com"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SystemTray" = "SysTray.Exe" [MS]
"LoadQM" = "loadqm.exe" [MS]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"SZMsgSvc.exe" = "C:\Program Files\STOPzilla!\SZMsgSvc.exe" [file not found]
"Casema Installatie" = "D:\Install\casema.exe" [file not found]
"spp" = (empty string)
"WinSP" = (empty string)
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" ["Sun Microsystems, Inc."]
"Anon2005" = "C:\Program Files\Anonymizer\Anon2005\Anon2005.exe" ["Anonymizer Inc."]
"LVCOMSX" = "C:\WINDOWS\System32\LVCOMSX.EXE" ["Logitech Inc."]
"LogitechVideoRepair" = "C:\Program Files\Logitech\Video\ISStart.exe " ["Logitech Inc."]
"LogitechVideoTray" = "C:\Program Files\Logitech\Video\LogiTray.exe" ["Logitech Inc."]
"HPDJ Taskbar Utility" = "C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe" ["HP"]
"HP Component Manager" = ""C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"" ["Hewlett-Packard Company"]
"HP Software Update" = "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Co."]
"apisvc.exe" = "C:\WINDOWS\System32\apisvc.exe" [null data]
"secserv.exe" = "C:\WINDOWS\System32\secserv.exe" [null data]
"intell32.exe" = "C:\WINDOWS\System32\intell32.exe" [null data]
"GoToMyPC" = "C:\Program Files\Citrix\GoToMyPC\g2svc.exe -logon" ["Citrix Online"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{5483427F-93B8-1470-5A89-E6B56484CDB2}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\DOCUME~1\chris\LOCALS~1\Temp\lwhyzyrihaz.dll" [null data]
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}\(Default) = "PCTools Site Guard" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll" ["PC Tools"]
{B56A7D7D-6927-48C8-A975-17DF180C71AC}\(Default) = "PCTools Browser Monitor" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll" ["GuideWorks Pty. Ltd."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Configuratieschermuitbreiding Beeldscherm-panning"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal-pictogramextensie"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{89292102-4755-11cf-9DC2-00AA006C2B84}" = "Internet Mail"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\SYSTEM\mailnews.dll" [file not found]
"{89292103-4755-11cf-9DC2-00AA006C2B84}" = "Internet News"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\SYSTEM\mailnews.dll" [file not found]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealOne Player\rpshell.dll" ["RealNetworks, Inc."]
"{B8323370-FF27-11D2-97B6-204C4F4F5020}" = "SmartFTP Shell Extension DLL"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\SmartFTP\SmartHook.dll" [file not found]
"{59850401-6664-101B-B21C-00AA004BA90B}" = "Microsoft Office Binder Unbind"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office\1043\UNBIND.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office\OLKFSTUB.DLL" [MS]
"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\Downloaded Program Files\ymmapi.dll" ["Yahoo! Inc."]
"{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "My Logitech Pictures"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Logitech\Video\Namespc2.dll" ["Logitech Inc."]
"{278FD165-0EE3-4958-9276-283EC83102DD}" = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\QTUI2.dll" [file not found]
"{65FB69FD-BF2E-46D3-BECA-ABC97C207D89}" = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\arsmib.dll" [file not found]
"{A833AB67-7368-457E-B8BF-249CCD8DDD14}" = "Date Bar"
-> {CLSID}\InProcServer32\(Default) = "C:\DOCUME~1\chris\LOCALS~1\Temp\dbar.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\shellhook.dll" ["TODO: <Firmenname>"]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
fqkyttfn\(Default) = "{39e5ff6f-6290-488b-8bb7-d91ddfcdd842}"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\jbkao.dll" [file not found]
NVC\(Default) = "{D5507020-DB45-11d1-A5F0-00600872F78D}"
-> {CLSID}\InProcServer32\(Default) = "C:\NORMAN\WIN32\NVCSE.DLL" ["Norman Data Defense Systems"]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\Downloaded Program Files\ymmapi.dll" ["Yahoo! Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
NVC\(Default) = "{D5507020-DB45-11d1-A5F0-00600872F78D}"
-> {CLSID}\InProcServer32\(Default) = "C:\NORMAN\WIN32\NVCSE.DLL" ["Norman Data Defense Systems"]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
NVC\(Default) = "{D5507020-DB45-11d1-A5F0-00600872F78D}"
-> {CLSID}\InProcServer32\(Default) = "C:\NORMAN\WIN32\NVCSE.DLL" ["Norman Data Defense Systems"]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "58 110 165"


Startup items in "chris" & "All Users" startup folders:
-------------------------------------------------------

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS]
"WinZip Quick Pick" -> shortcut to: "C:\Program Files\WinZip\WZQKPICK.EXE" ["WinZip Computing, Inc."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\rnr20.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
00000000000#\PackedCatalogItem (contains) DLL [Company Name], (at) # range:
%SystemRoot%\system32\msafd.dll [MS], 1 - 3
%SystemRoot%\system32\rsvpsp.dll [MS], 4 - 5


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "Yahoo! Toolbar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Common\ycomp5_3_16_0.dll" ["Yahoo! Inc."]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

"{DB264E15-F83B-4603-BFC1-4EA7E3204686}" = "Anonymizer 2005 Toolbar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Anonymizer\Anon2005\AnonIEBar.dll" [empty string]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{A833AB67-7368-457E-B8BF-249CCD8DDD14}" = "Date Bar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\DOCUME~1\chris\LOCALS~1\Temp\dbar.dll" [null data]

Extensions (Tools menu items, main toolbar menu buttons)

HKCU\Software\Microsoft\Internet Explorer\Extensions\
{A9F12806-7B5B-4FFE-9BE7-C42518ED52C3}\
"ButtonText" = "Winipcfg"
"Exec" = "C:\WINDOWS\Winipcfg.exe" [file not found]

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll" ["Sun Microsystems, Inc."]

{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}\
"ButtonText" = "Spyware Doctor"
"CLSIDExtension" = "{A1EDC4A1-940F-48E0-8DFD-E38F1D501021}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll" ["GuideWorks Pty. Ltd."]

{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}\
"ButtonText" = "Yahoo! Messenger"
"MenuText" = "Yahoo! Messenger"
"Exec" = "C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe" ["Yahoo! Inc."]


Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.wanadoo.nl

Missing lines (compared with English-language version):
[Strings]: 1 line


HOSTS file
----------

C:\WINDOWS\System32\drivers\etc\HOSTS

maps: 231 domain names to IP addresses,
231 of the IP addresses are *not* localhost!


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

COM+-gebeurtenissysteem, EventSystem, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\es.dll" [null data]}
ewido security suite control, ewido security suite control, "C:\Program Files\ewido\security suite\ewidoctrl.exe" ["ewido networks"]
GoToMyPC, GoToMyPC, ""C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -service" ["Citrix Online"]
Norman Virus Control, NvcSrv, "c:\norman\win32\nvcsrv.exe" [null data]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 168 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 57 seconds.
---------- (total run time: 317 seconds)

***

More postings are coming!

#7
didom

Ok you can go on with the 'normal' fix....

I'll wait for the logs :tazz:

#8
Mami

Sorry it took so long...

The Disk Cleanup got stuck or something, so I went on with the rest of the steps until I got to the Panda online scan. It would not show the page; it looks like it is still loading...

So let me give you what I got so far:

HijackThis:
***
Logfile of HijackThis v1.99.1
Scan saved at 11:08:25, on 20-8-2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
c:\norman\win32\nvcsrv.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\system32\stisvc.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
c:\norman\win32\nvcpopup.exe
C:\WINDOWS\System32\mspmspsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Anonymizer\Anon2005\Anon2005.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Anonymizer\Anon2005\AnonProxy.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office\1043\msoffice.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\chris\Bureaublad\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.skyimpact.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.nl
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door Wanadoo Cable v1.3c NL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Date Bar - {A833AB67-7368-457E-B8BF-249CCD8DDD14} - C:\DOCUME~1\chris\LOCALS~1\Temp\dbar.dll (file missing)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SZMsgSvc.exe] C:\Program Files\STOPzilla!\SZMsgSvc.exe
O4 - HKLM\..\Run: [Casema Installatie] D:\Install\casema.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Anon2005] C:\Program Files\Anonymizer\Anon2005\Anon2005.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Citrix\GoToMyPC\g2svc.exe -logon
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ANONYMIZER_SPYWAREKILLER] C:\Program Files\Anonymizer\Anti-Spyware\AnonAntiSpyware.exe /BOOT
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Winipcfg - {A9F12806-7B5B-4FFE-9BE7-C42518ED52C3} - C:\WINDOWS\Winipcfg.exe (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.nl
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c...ymmapi_0727.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} (CBrowser Class) - http://www.streaming...MINIBrowser.CAB
O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} - http://fdl.msn.com/p...at/msnchat4.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.c...bio5_3_16_0.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: Logical Disk Manager Administrative-service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -service (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe (file missing)
O23 - Service: Norman Virus Control (NvcSrv) - Unknown owner - c:\norman\win32\nvcsrv.exe
***

Smitfiles:
***

smitRem log file
version 2.3

by noahdfear


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ShudderLTD key present! Running LTDFix!

ShudderLTD key was successfully removed! :)


Pre-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~

intell32.exe
oleext.dll


~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Post-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~

oleext.dll


~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Wininet.dll ~~~

wininet.dll INFECTED!! :) Starting replacement procedure.


~~~~ Looking for C:\WINDOWS\system32\dllcache\wininet.dll ~~~~


~~~~ C:\WINDOWS\system32\dllcache\wininet.dll Present! ~~~~


~~~~ Checking dllcache\wininet.dll for infection ~~~~


~~~~ dllcache\wininet.dll Clean! ~~~~

~~~ Replaced wininet.dll from dllcache ~~~



~~~ Upon reboot ~~~

wininet.old present!
oleadm.dll not present!
oleext.dll not present!


~~~ Upon completion ~~~

wininet.old not present!
oleadm.dll not present!
oleext.dll not present!


~~~~ Rechecking C:\WINDOWS\system32\wininet.dll for infection ~~~~


~~~~ C:\WINDOWS\system32\wininet.dll Clean! :) ~~~~
***

Ewido Log:
***
---------------------------------------------------------
ewido security suite - Scan rapport
---------------------------------------------------------

+ Gemaakt op: 23:37:29, 19-8-2005
+ Rapport samenvatting: 174C33DB

+ Scan resultaten:

HKLM\SOFTWARE\Classes\CLSID\{357A87ED-3E5D-437d-B334-DEB7EB4982A3} -> Trojan.Agent.eo : Schoongemaakt met een backup
[276] C:\WINDOWS\System32\OLEEXT.dll -> Trojan.Agent.ff : Schoongemaakt met een backup
[392] C:\WINDOWS\system32\OLEEXT.dll -> Trojan.Agent.ff : Fout gedurende het schoonmake
:mozilla.17:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Sitestat : Schoongemaakt met een backup
:mozilla.18:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Sitestat : Schoongemaakt met een backup
:mozilla.19:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Doubleclick : Schoongemaakt met een backup
:mozilla.21:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Sitestat : Schoongemaakt met een backup
:mozilla.39:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Fastclick : Schoongemaakt met een backup
:mozilla.40:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Fastclick : Schoongemaakt met een backup
:mozilla.41:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Fastclick : Schoongemaakt met een backup
:mozilla.42:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Fastclick : Schoongemaakt met een backup
:mozilla.43:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Fastclick : Schoongemaakt met een backup
:mozilla.44:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Fastclick : Schoongemaakt met een backup
:mozilla.47:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Atdmt : Schoongemaakt met een backup
:mozilla.49:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Schoongemaakt met een backup
:mozilla.50:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Schoongemaakt met een backup
:mozilla.51:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Schoongemaakt met een backup
:mozilla.52:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Falkag : Schoongemaakt met een backup
:mozilla.53:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Falkag : Schoongemaakt met een backup
:mozilla.54:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Falkag : Schoongemaakt met een backup
:mozilla.56:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Mediaplex : Schoongemaakt met een backup
:mozilla.64:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Revenue : Schoongemaakt met een backup
:mozilla.65:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Trafficmp : Schoongemaakt met een backup
:mozilla.66:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Trafficmp : Schoongemaakt met een backup
:mozilla.67:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Trafficmp : Schoongemaakt met een backup
:mozilla.68:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Trafficmp : Schoongemaakt met een backup
:mozilla.69:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Trafficmp : Schoongemaakt met een backup
:mozilla.70:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Trafficmp : Schoongemaakt met een backup
:mozilla.71:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Trafficmp : Schoongemaakt met een backup
:mozilla.72:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Adserver : Schoongemaakt met een backup
:mozilla.73:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Adserver : Schoongemaakt met een backup
:mozilla.75:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Questionmarket : Schoongemaakt met een backup
:mozilla.97:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Sitestat : Schoongemaakt met een backup
:mozilla.100:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Advertising : Schoongemaakt met een backup
:mozilla.101:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Advertising : Schoongemaakt met een backup
:mozilla.102:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Advertising : Schoongemaakt met een backup
:mozilla.103:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Advertising : Schoongemaakt met een backup
:mozilla.104:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Advertising : Schoongemaakt met een backup
:mozilla.105:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Advertising : Schoongemaakt met een backup
:mozilla.106:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Advertising : Schoongemaakt met een backup
:mozilla.107:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Advertising : Schoongemaakt met een backup
:mozilla.108:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Advertising : Schoongemaakt met een backup
:mozilla.109:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Advertising : Schoongemaakt met een backup
:mozilla.110:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Advertising : Schoongemaakt met een backup
:mozilla.111:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Advertising : Schoongemaakt met een backup
:mozilla.112:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Advertising : Schoongemaakt met een backup
:mozilla.113:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Advertising : Schoongemaakt met een backup
:mozilla.114:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Advertising : Schoongemaakt met een backup
:mozilla.115:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Advertising : Schoongemaakt met een backup
:mozilla.116:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Advertising : Schoongemaakt met een backup
:mozilla.117:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Advertising : Schoongemaakt met een backup
:mozilla.118:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Advertising : Schoongemaakt met een backup
:mozilla.119:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Advertising : Schoongemaakt met een backup
:mozilla.121:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Targetnet : Schoongemaakt met een backup
:mozilla.122:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Targetnet : Schoongemaakt met een backup
:mozilla.128:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Pointroll : Schoongemaakt met een backup
:mozilla.129:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Pointroll : Schoongemaakt met een backup
:mozilla.130:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Pointroll : Schoongemaakt met een backup
:mozilla.131:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Pointroll : Schoongemaakt met een backup
:mozilla.137:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Bluestreak : Schoongemaakt met een backup
:mozilla.144:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Casalemedia : Schoongemaakt met een backup
:mozilla.145:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Casalemedia : Schoongemaakt met een backup
:mozilla.146:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Casalemedia : Schoongemaakt met een backup
:mozilla.147:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Schoongemaakt met een backup
:mozilla.148:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Schoongemaakt met een backup
:mozilla.160:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Falkag : Schoongemaakt met een backup
:mozilla.161:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Sitestat : Schoongemaakt met een backup
:mozilla.190:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Schoongemaakt met een backup
:mozilla.191:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Schoongemaakt met een backup
:mozilla.192:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Hitbox : Schoongemaakt met een backup
:mozilla.193:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Hitbox : Schoongemaakt met een backup
:mozilla.194:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Hitbox : Schoongemaakt met een backup
:mozilla.204:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Hitbox : Schoongemaakt met een backup
:mozilla.205:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Hitbox : Schoongemaakt met een backup
:mozilla.217:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Liveperson : Schoongemaakt met een backup
:mozilla.218:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Liveperson : Schoongemaakt met een backup
:mozilla.219:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Liveperson : Schoongemaakt met een backup
:mozilla.221:C:\Documents and Settings\chris\Application Data\Mozilla\Firefox\Profiles\zx29x50h.default\cookies.txt -> Spyware.Cookie.Hitbox : Schoongemaakt met een backup
C:\WINDOWS\vjuducsqqk.exe -> Adware.BetterInternet : Schoongemaakt met een backup


::Einde rapport
***

What's wrong with my Internet Explorer (even though I mostly use Firefox) that it loads so slowly or won't even show the page at all?

Thanks again for the help. Just bring me some good news... :tazz:

#9
didom

Looks better already :tazz:

Until I got to the Panda online scan, it would not show the page, it looks like it is still loading...

Hmm, I've tested this myself and found that it takes a lot of time for the page to show up...
So please be patient and try again!

------------------------------------------------------

Click Start>Run, type services.msc into the Open: text box and click the Ok button.
  • In the Services window look for the GoToMyPC service and double-click on it.
  • Click on the Stop button
  • In the Startup type dropdown box select Disabled
  • Click Apply button and then the Ok button.
  • Please run HijackThis and click Config -> Misc Tools -> Delete an NT service.
  • In the Delete window, type GoToMyPC and press OK.
  • OK any prompts, close HijackThis, and restart your computer.

Start--> Control Panel--> Add or Remove Programs--> Uninstall (if found) any instances of:
GoToMyPC

Then reboot your computer.

Scan again with HijackThis and check the following items:

O3 - Toolbar: Date Bar - {A833AB67-7368-457E-B8BF-249CCD8DDD14} - C:\DOCUME~1\chris\LOCALS~1\Temp\dbar.dll (file missing)
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Citrix\GoToMyPC\g2svc.exe -logon
O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -service (file missing)

After checking these items, close all browser windows except HijackThis and click "Fix checked".

Make sure all hidden files and folders are visible (Instructions)
Reboot your computer into safe mode (Instructions)

Find and delete these files and folders (if they are still there):
C:\Program Files\Citrix <= this folder

Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

Reboot your computer back into normal mode.


Run Panda's online virus scan and perform a full system scan: Panda ActiveScan

Save the scan log and post it along with a new HijackThis Log in your next reply.


Let me know if any problems persist
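The three HijackThis entries selected in the post above, parsed as an added example (not part of the original post and not HijackThis's own code): it splits each line into section, name and target path, then separates entries reported as `(file missing)` from entries that point at the same binary as one of those. The section descriptions and the regular expressions are assumptions based on the line format visible in this thread.

```python
import re

# The three entries quoted in the post above, copied verbatim.
ENTRIES = r"""
O3 - Toolbar: Date Bar - {A833AB67-7368-457E-B8BF-249CCD8DDD14} - C:\DOCUME~1\chris\LOCALS~1\Temp\dbar.dll (file missing)
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Citrix\GoToMyPC\g2svc.exe -logon
O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -service (file missing)
""".strip().splitlines()

# Assumed short descriptions of the HijackThis section codes used here.
SECTIONS = {"O3": "IE toolbar", "O4": "autostart entry", "O23": "NT service"}
LINE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<kind>[^:]+): (?P<rest>.*)$")
# Drive-letter path up to its extension; tolerates spaces in folder names.
PATH = re.compile(r'[A-Za-z]:\\[^"*?<>|]*?\.(?:exe|dll)', re.IGNORECASE)


def parse(line):
    """Split one HijackThis entry into its fields, or return None."""
    m = LINE.match(line.strip())
    if not m:
        return None
    rest = m["rest"]
    path = PATH.search(rest)
    # O4 puts the value name in [brackets]; O3/O23 put it before " - ".
    name = rest[1:rest.index("]")] if rest.startswith("[") else rest.split(" - ")[0]
    return {
        "code": m["code"],
        "section": SECTIONS.get(m["code"], "other"),
        "name": name,
        "path": path.group(0).lower() if path else None,
        "file_missing": rest.endswith("(file missing)"),
    }


def triage(lines):
    """Return (orphaned, related): entries whose target file is gone, and
    entries that reference the same binary as an orphaned entry."""
    entries = [e for e in map(parse, lines) if e]
    orphaned = [e for e in entries if e["file_missing"]]
    gone = {e["path"] for e in orphaned}
    related = [e for e in entries if not e["file_missing"] and e["path"] in gone]
    return orphaned, related


if __name__ == "__main__":
    for label, group in zip(("orphaned", "related"), triage(ENTRIES)):
        for e in group:
            print(f"{label:9} {e['code']:4} {e['section']:16} {e['name']} -> {e['path']}")
```
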

#10
didom

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.