Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Aurora Is Driving Me Crazy [RESOLVED]

Started by Situationeer , Sep 10 2005 12:44 PM

  • This topic is locked This topic is locked

#1
Situationeer
Posted 10 September 2005 - 12:44 PM

Situationeer

    Member

  • Member
  • PipPip
  • 49 posts
Well, my computer has been infected with the malware "Aurora" for at least 2 weeks now, and I have tried every utility I could find to get rid of it. But this is really nasty stuff, so please, please help me get rid of this horrible malware.

My HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 12:43:29 PM, on 9/10/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RioMSC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\omsfurq.exe
C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\wuauclt.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Counter Strike\Steam.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
D:\Program Files\Zone Alarm Firewall\ZoneAlarm\zonealarm.exe
C:\Program Files\Trend Micro\PC-cillin 2000\pccntupd.exe
C:\WINDOWS\System32\emia.exe
C:\WINDOWS\Explorer.exe
D:\PROGRA~1\Firefox\firefox.exe
C:\Program Files\AIM\aim.exe
D:\Program Files\Win Ace\WinAce.exe
C:\DOCUME~1\Michael\LOCALS~1\Temp\~AceTemp\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\Searchx.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe"
O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe"
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\WinAmp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Windows Taskbar Msngr] C:\WINDOWS\\\\\\\\\\\\\\
O4 - HKLM\..\Run: [iTunesHelper] D:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\kssd4d.exe reg_run
O4 - HKLM\..\Run: [2ab6768d9e73] C:\WINDOWS\System32\bootvid5.exe
O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft Anti-Spyware\gcasServ.exe"
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [newexp] C:\WINDOWS\System32\newexp
O4 - HKLM\..\Run: [uedyiml] C:\WINDOWS\System32\omsfurq.exe r
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] D:\Program Files\Counter Strike\Steam.exe -silent
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Real-time Monitor.lnk = ?
O4 - Global Startup: ZoneAlarm.lnk = D:\Program Files\Zone Alarm Firewall\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQ\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQ\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O20 - Winlogon Notify: Controls Folder - C:\WINDOWS\system32\ikxrtmgr.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\System32\RioMSC.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe
  • 0

Advertisements

#2
tampabelle
Posted 14 September 2005 - 06:07 PM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi,


We are sorry to have missed your log due to heavy traffic.

If you still need help, please post back a fresh Hijack This log.

If the problem has been resolved, please let us know.
  • 0

#3
Situationeer
Posted 15 September 2005 - 11:39 AM

Situationeer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Hi, don't even worry about the late response, I'm happy to be helped at all. Here is the updated log.


Logfile of HijackThis v1.99.1
Scan saved at 11:33:24 AM, on 9/15/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RioMSC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\emia.exe
C:\WINDOWS\System32\ancsfyi.exe
C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\bootvid5.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Counter Strike\Steam.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\Trend Micro\PC-cillin 2000\pccntupd.exe
D:\Program Files\Zone Alarm Firewall\ZoneAlarm\zonealarm.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Firefox\firefox.exe
C:\Program Files\AIM\aim.exe
D:\Program Files\Win Ace\WinAce.exe
C:\DOCUME~1\Michael\LOCALS~1\Temp\~AceTemp\hijackthis-2\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\Searchx.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe"
O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe"
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\WinAmp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Windows Taskbar Msngr] C:\WINDOWS\\\\\\\\\\\\\\
O4 - HKLM\..\Run: [iTunesHelper] D:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\kssd4d.exe reg_run
O4 - HKLM\..\Run: [2ab6768d9e73] C:\WINDOWS\System32\bootvid5.exe
O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft Anti-Spyware\gcasServ.exe"
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [newexp] C:\WINDOWS\System32\newexp
O4 - HKLM\..\Run: [dtanwt] C:\WINDOWS\System32\ancsfyi.exe r
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] D:\Program Files\Counter Strike\Steam.exe -silent
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Real-time Monitor.lnk = ?
O4 - Global Startup: ZoneAlarm.lnk = D:\Program Files\Zone Alarm Firewall\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQ\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQ\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - ms-its:mhtml:file://c:\nosunex.mht!http://213.158.119.2...ysb_regular.cab
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\ikxrtmgr.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\System32\RioMSC.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe
  • 0

#4
tampabelle
Posted 16 September 2005 - 10:12 AM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here: http://www.microsoft...&DisplayLang=en
Apply the update, reboot, and post a fresh Hijack This log.
  • 0

#5
Situationeer
Posted 18 September 2005 - 03:22 PM

Situationeer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Ok, I installed the Windows Service Pack and this is the new log file...

Logfile of HijackThis v1.99.1
Scan saved at 4:21:32 PM, on 9/18/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RioMSC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\sami\emia.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\nidzru.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\zjwznip.exe
D:\Program Files\Zone Alarm Firewall\ZoneAlarm\zonealarm.exe
D:\Program Files\Microsoft Anti-Spyware\gcasDtServ.exe
D:\Program Files\Microsoft Anti-Spyware\gcasServ.exe
D:\Program Files\Firefox\firefox.exe
D:\Program Files\Win Ace\WinAce.exe
C:\DOCUME~1\Michael\LOCALS~1\Temp\~AceTemp\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\Searchx.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} - C:\WINDOWS\system32\m0rz.dll
O2 - BHO: (no name) - {A088048C-F887-E62C-2A1D-0DCD0AABFCF8} - C:\WINDOWS\Btyxyufs.dll
O3 - Toolbar: Search - {61EF40EA-0F0E-0088-BF5E-BF422C605F00} - C:\WINDOWS\Btyxyufs.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe"
O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe"
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\WinAmp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Windows Taskbar Msngr] C:\WINDOWS\\\\\\\\\\\\\\
O4 - HKLM\..\Run: [iTunesHelper] D:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\nidzru.exe reg_run
O4 - HKLM\..\Run: [2ab6768d9e73] C:\WINDOWS\System32\bootvid5.exe
O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft Anti-Spyware\gcasServ.exe"
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [newexp] C:\WINDOWS\System32\newexp
O4 - HKLM\..\Run: [1XMOAm] "C:\WINDOWS\system32\cxtpls_loader.EXE" /PC=CP.AOP2
O4 - HKLM\..\Run: [SystemCheck] C:\WINDOWS\SysCheckBop32
O4 - HKLM\..\Run: [win3206534273854] C:\WINDOWS\win3206534273854.exe
O4 - HKLM\..\Run: [TagASaurus] C:\Program Files\TagASaurus\TagASaurus
O4 - HKLM\..\Run: [owtcup] C:\WINDOWS\System32\zjwznip.exe r
O4 - HKLM\..\RunOnce: [klh9xn0.exe] C:\WINDOWS\System32\klh9xn0.exe /k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] D:\Program Files\Counter Strike\Steam.exe -silent
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\RunOnce: [klh9xn0.exe] C:\WINDOWS\System32\klh9xn0.exe /k
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Real-time Monitor.lnk = ?
O4 - Global Startup: ZoneAlarm.lnk = D:\Program Files\Zone Alarm Firewall\ZoneAlarm\zonealarm.exe
O4 - Global Startup: dirc.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQ\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQ\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\System32\RioMSC.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe
  • 0

#6
tampabelle
Posted 20 September 2005 - 07:54 AM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Please download ewido security suite it is a free version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display ("Update successful")
  • Exit ewido. DO NOT scan yet.
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Download CleanUp
Install the program, dont run it yet, we will later.

Please download this file: Nailfix Utility
Save it to your desktop.
DO NOT run it yet.

Download dsrfix.zip
Save it to your desktop.
  • Unzip dsrfix.zip and extract it to your desktop.
  • This will create a new folder on your desktop named dsrfix.
  • Do Not open that folder yet.
Please download APT and unzip the contents to a new folder on your desktop.
  • Open the folder you just created and click on apt.exe and search in the window for C:\WINDOWS\System32\zjwznip.exe.
  • Open your C:\Windows\system32 folder and search for zjwznip.exe.
    Don't delete it yet, just leave the system32 folder open so you can see the bad file.
  • In APT again, Select C:\WINDOWS\System32\zjwznip.exe and Click Kill3
  • Then immediately delete zjwznip.exe from your system32 folder.
Close APT.

To reboot into SafeMode with Windows XP, you can follow these steps from Microsoft:

Next, please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, start tapping press F8 key.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
Once in Safe Mode, please double-click on nailfix.exe.
Click "Next" in the setup, then make sure "Run Nailfix" is checked and click "Finish".
Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Now open ewido and do a scan of your system.
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Now scan with HJT and place a checkmark next to each of the following items:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\Searchx.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} - C:\WINDOWS\system32\m0rz.dll
O2 - BHO: (no name) - {A088048C-F887-E62C-2A1D-0DCD0AABFCF8} - C:\WINDOWS\Btyxyufs.dll
O3 - Toolbar: Search - {61EF40EA-0F0E-0088-BF5E-BF422C605F00} - C:\WINDOWS\Btyxyufs.dll
O4 - HKLM\..\Run: [Windows Taskbar Msngr] C:\WINDOWS\\\\\\\\\\\\\\
O4 - HKLM\..\Run: [2ab6768d9e73] C:\WINDOWS\System32\bootvid5.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [newexp] C:\WINDOWS\System32\newexp
O4 - HKLM\..\Run: [1XMOAm] "C:\WINDOWS\system32\cxtpls_loader.EXE" /PC=CP.AOP2
O4 - HKLM\..\Run: [SystemCheck] C:\WINDOWS\SysCheckBop32
O4 - HKLM\..\Run: [win3206534273854] C:\WINDOWS\win3206534273854.exe
O4 - HKLM\..\Run: [TagASaurus] C:\Program Files\TagASaurus\TagASaurus
O4 - HKLM\..\Run: [owtcup] C:\WINDOWS\System32\zjwznip.exe r
O4 - HKLM\..\RunOnce: [klh9xn0.exe] C:\WINDOWS\System32\klh9xn0.exe /k
O4 - HKCU\..\RunOnce: [klh9xn0.exe] C:\WINDOWS\System32\klh9xn0.exe /k
O4 - Global Startup: dirc.exe
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)


Close all open windows except for HJT, then click the Fix Checked button. Close HJT.

Now open the folder dsrfix on your desktop.
  • Double-Click on dsrfix.bat
  • A window will pop up briefly then close, this is normal.
Enable show hidden files and folders:

* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK

Open Windows Explorer (right click on Start and then click on explore). Locate and delete the following folders and files -

Folders
C:\Program Files\TagASaurus
C:\Program Files\sami

Files
C:\WINDOWS\Btyxyufs.dll
C:\WINDOWS\Btyxyufs.dll
C:\WINDOWS\dinst.exe
C:\WINDOWS\SysCheckBop32
C:\WINDOWS\win3206534273854.exe
C:\WINDOWS\System32\bootvid5.exe
C:\WINDOWS\System32\nidzru.exe
C:\WINDOWS\system32\m0rz.dll
C:\WINDOWS\System32\newexp.exe
C:\WINDOWS\system32\cxtpls_loader.EXE
C:\WINDOWS\System32\zjwznip.exe
C:\WINDOWS\System32\klh9xn0.exe

dirc.exe
(Search for this file using the Windows Search function)


Now run the CleanUp program:

*IMPORTANT NOTE*
CleanUp deletes EVERYTHING out of your temp/temporary folders, it does not make backups.
If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp

Running CleanUp
  • Start CleanUp by double-clicking the icon on your desktop (or from the Start > All Programs menu).
  • When CleanUp starts go to the Options button (right side of CleanUp screen)
  • Move the arrow down to "Custom CleanUp!"
  • Now place a checkmark next to the following (Make sure nothing else is checked!):
    • Delete Cookies
      This is optional, if you leave the box checked it will remove all of your cookies, at this point removing cookies is a good idea
    • Empty Recycle Bins
    • Delete Prefetch files
    • Cleanup! All Users
  • Click OK
  • Then click on the CleanUp button. This will take a short while, let it do its thing.
  • When asked to reboot system select No
  • Close CleanUp
Finally, restart your computer back into Normal Mode and please post a new HJT log, as well as the ewido report log from the Ewido scan by using Add Reply
  • 0

#7
Situationeer
Posted 20 September 2005 - 01:11 PM

Situationeer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
I think it worked, Microsoft Anti-Spyware and Ad-Aware both didn't find any problems and they used to. Thanks a lot man. Here are the logs you asked for.


Logfile of HijackThis v1.99.1
Scan saved at 11:33:36 PM, on 9/19/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\Ewido\security suite\ewidoctrl.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
c:\progra~1\Support.com\client\bin\tgcmd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RioMSC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Progra~1\Support.com\client\bin\forcesync.exe
D:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\win3206534273854.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
D:\Program Files\Zone Alarm Firewall\ZoneAlarm\zonealarm.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Trend Micro\PC-cillin 2000\pccntupd.exe
D:\PROGRA~1\Firefox\firefox.exe
C:\Documents and Settings\Michael\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} - C:\WINDOWS\system32\m0rz.dll
O2 - BHO: (no name) - {A088048C-F887-E62C-2A1D-0DCD0AABFCF8} - C:\WINDOWS\Btyxyufs.dll
O3 - Toolbar: Search - {61EF40EA-0F0E-0088-BF5E-BF422C605F00} - C:\WINDOWS\Btyxyufs.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe"
O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe"
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\WinAmp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Windows Taskbar Msngr] C:\WINDOWS\\\\\\\\\\\\\\
O4 - HKLM\..\Run: [iTunesHelper] D:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft Anti-Spyware\gcasServ.exe"
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [newexp] C:\WINDOWS\System32\newexp
O4 - HKLM\..\Run: [1XMOAm] "C:\WINDOWS\system32\cxtpls_loader.EXE" /PC=CP.AOP2
O4 - HKLM\..\Run: [win3206534273854] C:\WINDOWS\win3206534273854.exe
O4 - HKLM\..\Run: [TagASaurus] C:\Program Files\TagASaurus\TagASaurus
O4 - HKLM\..\RunOnce: [klh9xn0.exe] C:\WINDOWS\System32\klh9xn0.exe /k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] D:\Program Files\Counter Strike\Steam.exe -silent
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\RunOnce: [klh9xn0.exe] C:\WINDOWS\System32\klh9xn0.exe /k
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Real-time Monitor.lnk = ?
O4 - Global Startup: ZoneAlarm.lnk = D:\Program Files\Zone Alarm Firewall\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQ\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQ\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\Ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Program Files\Ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\System32\RioMSC.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe




Ewido Scan----

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 11:24:26 PM, 9/19/2005
+ Report-Checksum: A59AB0E1

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.NetNucleus : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75} -> Spyware.NetNucleus : Cleaned with backup
HKLM\SOFTWARE\Mvu -> Spyware.Delfin : Cleaned with backup
[2056] C:\WINDOWS\SysCheckBop32.exe -> Trojan.VB.tg : Cleaned with backup
C:\WINDOWS\system32\kssd4d.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\WINDOWS\system32\nxivfzc.dll -> Spyware.PurityScan : Cleaned with backup
C:\WINDOWS\system32\daeko.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\WINDOWS\system32\dsfdkgk.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\WINDOWS\system32\kolntot.dll -> TrojanDownloader.Qoologic.af : Cleaned with backup
C:\WINDOWS\system32\ѕеrvices.exe -> Spyware.PurityScan : Cleaned with backup
C:\WINDOWS\system32\olethk32.exe -> Spyware.UrlSpy : Cleaned with backup
C:\WINDOWS\system32\dsound3d.exe -> Spyware.UrlSpy : Cleaned with backup
C:\WINDOWS\system32\wuauclt.dll -> TrojanDownloader.Small : Cleaned with backup
C:\WINDOWS\system32\vgactl.cpl -> TrojanDownloader.Qoologic.ad : Cleaned with backup
C:\WINDOWS\system32\60001.exe -> TrojanDownloader.Small.bkr : Cleaned with backup
C:\WINDOWS\system32\kv5ge36d.dat -> Trojan.Smitfraud : Cleaned with backup
C:\WINDOWS\system32\0ghty.dll -> Trojan.Kolweb.a : Cleaned with backup
C:\WINDOWS\system32\m0rz.dll -> Trojan.Kolweb.d : Cleaned with backup
C:\WINDOWS\system32\dbr38u.exe -> Trojan.Delf.cf : Cleaned with backup
C:\WINDOWS\system32\ekijgu.exe -> Trojan.Agent.ay : Cleaned with backup
C:\WINDOWS\Temp\b.com -> TrojanDropper.Agent.pb : Cleaned with backup
C:\WINDOWS\Temp\MediaAccessInstPack.exe -> Spyware.WinAD : Cleaned with backup
C:\WINDOWS\Temp\ASHeuristic\m0rz_dll.vir -> Trojan.Kolweb.d : Cleaned with backup
C:\WINDOWS\etb\hadfgf -> Spyware.EliteBar : Cleaned with backup
C:\WINDOWS\dsr.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\WINDOWS\icont.exe -> Spyware.AdURL : Cleaned with backup
C:\WINDOWS\SysCheckBop32.exe -> Trojan.VB.tg : Cleaned with backup
C:\Documents and Settings\Michael\Local Settings\Temp\b.com -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\Content.IE5\R9J01378\AppWrap[1].exe -> Spyware.AdURL : Cleaned with backup
C:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\Content.IE5\MKTJVU13\AppWrap[1].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Michael\Cookies\michael@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
C:\Documents and Settings\Michael\Cookies\michael@burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Michael\Cookies\[email protected][1].txt -> Spyware.Cookie.Epilot : Cleaned with backup
C:\Documents and Settings\Michael\Cookies\michael@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Michael\Cookies\michael@yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Michael\Cookies\[email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Michael\Cookies\[email protected][2].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Michael\Cookies\michael@abetterinternet[4].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Michael\Cookies\[email protected][2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Michael\Cookies\[email protected][1].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Michael\Cookies\[email protected][2].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Michael\Cookies\[email protected][2].txt -> Spyware.Cookie.Popularix : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
:mozilla.143:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.144:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.145:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.146:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.147:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.149:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.155:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.158:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.161:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.162:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.175:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Commission-junction : Cleaned with backup
:mozilla.182:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Commission-junction : Cleaned with backup
:mozilla.211:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
:mozilla.220:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.221:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.230:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.251:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Directnetadvertising : Cleaned with backup
:mozilla.256:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Findwhat : Cleaned with backup
:mozilla.310:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.360:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.370:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.371:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.376:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.398:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.399:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xvnh86pf.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.144:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.145:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.159:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.161:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.162:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.164:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.166:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.167:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.168:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.171:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.172:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.173:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.174:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.175:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.182:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.183:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.184:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.185:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.186:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.187:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.188:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.189:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.190:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.191:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.192:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.193:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.194:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.195:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.196:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.197:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.198:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.199:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.200:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.201:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.202:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.203:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.204:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.205:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.206:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.207:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.208:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.209:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.210:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.211:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.212:C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\8pp88cy6.Mike\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.213:C:\Documents and Settings\Michael\Application Data\Mozilla�
  • 0

#8
tampabelle
Posted 20 September 2005 - 03:17 PM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Please Download the following tools
  • Download WinPFind
    • Right Click the Zip Folder and Select "Extract All"
    • Extract it somewhere you will remember like the Desktop
    • Dont do anything with it yet!
  • Download Track qoo
    • Save it somewhere you will remember like the Desktop
Reboot into Safe Mode
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Doubleclick WinPFind.exe
  • Click "Start Scan"
  • It will scan the entire System, so please be patient!
  • Once the Scan is Complete
  • Go to the WinPFind folder
  • Locate WinPFind.txt
  • Place those results in the next post!
Reboot back to Normal Mode!

Double Click on "Track qoo.vbs"

Note - If you Antivirus has Script Blocking, you will get a Pop Up Windows asking you what to do. Allow this Entire Script to Run, its harmless!

Wait a few seconds and a notepad page will pop up, Copy & Paste those results and place them in the next post along with the results of WinPFind!
  • 0

#9
Situationeer
Posted 21 September 2005 - 11:43 AM

Situationeer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Here is the WinPFind Log.


»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 1 Current Build Number: 2600
Internet Explorer Version: 6.0.2800.1106

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
UPX! 5/25/2002 7:07:52 PM 84480 C:\WINDOWS\dqsouruehni.exe
PEC2 9/17/2005 9:21:12 PM RHS 307671 C:\WINDOWS\k03.sys
PECompact2 9/17/2005 9:21:12 PM RHS 307671 C:\WINDOWS\k03.sys

Checking %System% folder...
PEC2 8/18/2001 5:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
winsync 8/18/2001 5:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
UPX! 9/7/2001 11:06:18 AM 54784 C:\WINDOWS\SYSTEM32\XpBlock.dll
69.59.186.63 8/31/2005 8:43:00 PM 133120 C:\WINDOWS\SYSTEM32\gwkkr.dll
209.66.67.134 8/31/2005 8:43:00 PM 133120 C:\WINDOWS\SYSTEM32\gwkkr.dll
web-nex 8/31/2005 8:43:00 PM 133120 C:\WINDOWS\SYSTEM32\gwkkr.dll
winsync 8/31/2005 8:43:00 PM 133120 C:\WINDOWS\SYSTEM32\gwkkr.dll
PTech 8/3/2005 10:33:42 AM 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
SAHAgent 9/18/2005 3:05:46 PM 3535 C:\WINDOWS\SYSTEM32\hua1nleo.ini
PECompact2 5/7/2005 10:51:36 AM 1043800 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 5/7/2005 10:51:36 AM 1043800 C:\WINDOWS\SYSTEM32\MRT.exe
SAHAgent 9/16/2005 6:17:46 PM 35 C:\WINDOWS\SYSTEM32\c770ompf.ini
SAHAgent 9/16/2005 6:17:46 PM 35 C:\WINDOWS\SYSTEM32\hhmajqjh.ini
PEC2 9/17/2005 9:21:10 PM RHS 324132 C:\WINDOWS\SYSTEM32\klh9xn0.exe
PECompact2 9/17/2005 9:21:10 PM RHS 324132 C:\WINDOWS\SYSTEM32\klh9xn0.exe
PEC2 9/17/2005 9:21:12 PM RHS 222683 C:\WINDOWS\SYSTEM32\k03.sys
PECompact2 9/17/2005 9:21:12 PM RHS 222683 C:\WINDOWS\SYSTEM32\k03.sys
Umonitor 8/29/2002 4:41:10 AM 631808 C:\WINDOWS\SYSTEM32\rasdlg.dll

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
9/21/2005 12:15:42 PM S 2048 C:\WINDOWS\bootstat.dat
9/20/2005 7:52:18 PM H 54156 C:\WINDOWS\QTFont.qfn
9/17/2005 9:21:12 PM RHS 307671 C:\WINDOWS\k03.sys
9/19/2005 11:26:40 PM RHS 655702 C:\WINDOWS\system32\m0rz.dll
9/19/2005 11:27:26 PM H 124 C:\WINDOWS\system32\vsconfig.xml
9/17/2005 9:21:10 PM RHS 324132 C:\WINDOWS\system32\klh9xn0.exe
9/17/2005 9:21:12 PM RHS 222683 C:\WINDOWS\system32\k03.sys
9/21/2005 12:14:50 PM H 843776 C:\WINDOWS\system32\config\system.LOG
9/21/2005 12:14:50 PM H 73728 C:\WINDOWS\system32\config\software.LOG
9/21/2005 12:14:50 PM H 8192 C:\WINDOWS\system32\config\default.LOG
9/21/2005 12:16:04 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG
9/21/2005 12:15:44 PM H 12288 C:\WINDOWS\system32\config\SECURITY.LOG
9/13/2005 2:26:26 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\FMSPPIE4\desktop.ini
9/13/2005 2:26:26 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\J0GHXJ4K\desktop.ini
9/13/2005 2:26:26 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\CM9ABV9N\desktop.ini
9/13/2005 2:26:26 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\9O491N19\desktop.ini
8/17/2005 10:46:46 AM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
8/17/2005 10:46:46 AM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\dc28a141-7c5d-4f26-8deb-44fb8ca96dbf
7/31/2005 2:49:36 PM H 0 C:\WINDOWS\inf\oem11.inf
9/21/2005 12:14:34 PM H 6 C:\WINDOWS\Tasks\SA.DAT
9/18/2005 2:45:06 PM RHS 70111 C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_9.cab
7/31/2005 11:19:06 PM H 48918

Checking for CPL files...
Microsoft Corporation 8/29/2002 4:41:28 AM 129024 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/29/2002 4:41:28 AM 121856 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/29/2002 4:41:28 AM 578560 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/18/2001 5:00:00 AM 150016 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/29/2002 4:41:28 AM 292352 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/29/2002 4:41:28 AM 65536 C:\WINDOWS\SYSTEM32\joy.cpl
Microsoft Corporation 8/18/2001 5:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/18/2001 5:00:00 AM 559616 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/18/2001 5:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/18/2001 5:00:00 AM 256000 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/18/2001 5:00:00 AM 36864 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/18/2001 5:00:00 AM 109056 C:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation 8/29/2002 4:41:28 AM 268288 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/18/2001 5:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/18/2001 5:00:00 AM 90112 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/18/2001 5:00:00 AM 66048 C:\WINDOWS\SYSTEM32\access.cpl
Sony Corporation 12/4/1999 4:11:30 AM 151552 C:\WINDOWS\SYSTEM32\UILib.cpl
Sony Corporation 4/25/2001 5:36:14 PM 53248 C:\WINDOWS\SYSTEM32\VASetup.cpl
Apple Computer, Inc. 9/23/2004 6:57:40 PM 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl
RealNetworks, Inc. 9/8/2001 1:04:30 PM 24576 C:\WINDOWS\SYSTEM32\prefscpl.cpl
10/10/1998 12:01:00 AM 183808 C:\WINDOWS\SYSTEM32\bdeadmin.cpl
Sun Microsystems, Inc. 6/3/2005 3:52:54 AM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
9/8/2001 12:52:24 PM 794

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
9/8/2001 11:07:12 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
9/20/2005 1:48:18 PM 2423 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Real-time Monitor.lnk
9/8/2001 12:51:48 PM 1531 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VAIO Action Setup (Server).lnk
5/7/2005 3:01:24 PM 636 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ZoneAlarm.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
9/8/2001 10:58:54 AM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini

Checking files in %USERPROFILE%\Startup folder...
6/14/2005 4:28:24 PM 892 C:\Documents and Settings\Michael\Start Menu\Programs\Startup\Adobe Gamma.lnk
9/8/2001 12:07:12 PM HS 84 C:\Documents and Settings\Michael\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
9/8/2001 11:58:52 AM HS 62 C:\Documents and Settings\Michael\Application Data\desktop.ini

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = D:\Program Files\Ewido\security suite\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\gxmktqtm
{2eb61d34-b952-4121-9cd1-7d1bd0cfb83a} = C:\WINDOWS\System32\gwkkr.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ICQLiteMenu
{73B24247-042E-4EF5-ADC2-42F62E6FD654} = D:\Program Files\ICQ\ICQLite\ICQLiteShell.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ZFAdd
{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = D:\Program Files\Win Ace\arcext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{48F45200-91E6-11CE-8A4F-0080C81A28D4}
= C:\Program Files\Trend Micro\PC-cillin 2000\Tmdshell.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{B95057E0-44DB-11CE-A5D1-00608C83BD3F}
= shellwp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = D:\Program Files\Ewido\security suite\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ICQLiteMenu
{73B24247-042E-4EF5-ADC2-42F62E6FD654} = D:\Program Files\ICQ\ICQLite\ICQLiteShell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ZFAdd
{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = D:\Program Files\Win Ace\arcext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\{48F45200-91E6-11CE-8A4F-0080C81A28D4}
= C:\Program Files\Trend Micro\PC-cillin 2000\Tmdshell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}
=
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3}
= C:\WINDOWS\system32\m0rz.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A088048C-F887-E62C-2A1D-0DCD0AABFCF8}
= C:\WINDOWS\Btyxyufs.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
http://www.sony.com/vaiopeople = C:\WINDOWS\System32\Shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{61EF40EA-0F0E-0088-BF5E-BF422C605F00} = Search : C:\WINDOWS\Btyxyufs.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9E248641-0E24-4DDB-9A1F-705087832AD6}
MenuText = Java :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText = AIM : C:\Program Files\AIM\aim.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B863453A-26C3-4e1f-A54D-A2CD196348E9}
ButtonText = ICQ Lite : D:\Program Files\ICQ\ICQLite\ICQLite.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
ButtonText = Real.com :

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{855F3B16-6D32-4FE6-8A56-BBB695989046} = :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
NvCplDaemon RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
Pop3trap.exe "C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe"
WebTrapNT.exe "C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe"
ZTgServerSwitch c:\program files\support.com\client\lserver\server.vbs
ATIPTA C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
WinampAgent D:\Program Files\WinAmp\winampa.exe
SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
Windows Taskbar Msngr C:\WINDOWS\\\\\\\\\\\\\\
iTunesHelper D:\Program Files\iTunes\iTunesHelper.exe
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
gcasServ "D:\Program Files\Microsoft Anti-Spyware\gcasServ.exe"
Dinst C:\WINDOWS\dinst.exe
newexp C:\WINDOWS\System32\newexp
1XMOAm "C:\WINDOWS\system32\cxtpls_loader.EXE" /PC=CP.AOP2
win3206534273854 C:\WINDOWS\win3206534273854.exe
TagASaurus C:\Program Files\TagASaurus\TagASaurus

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
klh9xn0.exe C:\WINDOWS\System32\klh9xn0.exe /k

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background
Steam D:\Program Files\Counter Strike\Steam.exe -silent
AIM C:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
klh9xn0.exe C:\WINDOWS\System32\klh9xn0.exe /k

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent
= Ati2evxx.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif
= wzcdlg.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.0 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 9/21/2005 12:26:03 PM


Here is the Trackqoo report.

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE NvQTwk,NvCplDaemon initialize"
"Pop3trap.exe"="\"C:\\Program Files\\Trend Micro\\PC-cillin 2000\\Pop3trap.exe\""
"WebTrapNT.exe"="\"C:\\Program Files\\Trend Micro\\PC-cillin 2000\\WebTrapNT.exe\""
"ZTgServerSwitch"="c:\\program files\\support.com\\client\\lserver\\server.vbs"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"WinampAgent"="D:\\Program Files\\WinAmp\\winampa.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_04\\bin\\jusched.exe"
"Windows Taskbar Msngr"="C:\\WINDOWS\\\\\\\\\\\\\\\\\\\\\\\\\\\\"
"iTunesHelper"="D:\\Program Files\\iTunes\\iTunesHelper.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"gcasServ"="\"D:\\Program Files\\Microsoft Anti-Spyware\\gcasServ.exe\""
"Dinst"="C:\\WINDOWS\\dinst.exe"
"newexp"="C:\\WINDOWS\\System32\\newexp"
"1XMOAm"="\"C:\\WINDOWS\\system32\\cxtpls_loader.EXE\" /PC=CP.AOP2 "
"win3206534273854"="C:\\WINDOWS\\win3206534273854.exe"
"TagASaurus"="C:\\Program Files\\TagASaurus\\TagASaurus"

-----------------
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers


Subkey --- ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}
D:\Program Files\Ewido\security suite\context.dll

Subkey --- gxmktqtm
{2eb61d34-b952-4121-9cd1-7d1bd0cfb83a}
C:\WINDOWS\System32\gwkkr.dll

Subkey --- ICQLiteMenu
{73B24247-042E-4EF5-ADC2-42F62E6FD654}
D:\Program Files\ICQ\ICQLite\ICQLiteShell.dll

Subkey --- Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}
C:\WINDOWS\System32\cscui.dll

Subkey --- Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- ZFAdd
{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}
D:\Program Files\Win Ace\arcext.dll

Subkey --- {48F45200-91E6-11CE-8A4F-0080C81A28D4}

C:\Program Files\Trend Micro\PC-cillin 2000\Tmdshell.dll

Subkey --- {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {B95057E0-44DB-11CE-A5D1-00608C83BD3F}

shellwp.dll

=====================

HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers


Subkey --- {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {24F14F01-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {24F14F02-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {66742402-F9B9-11D1-A202-0000F81FEDEE}
C:\WINDOWS\system32\SHELL32.dll

==============================
C:\Documents and Settings\All Users\Start Menu\Programs\Startup

desktop.ini
VAIO Action Setup (Server).lnk
Adobe Gamma Loader.exe.lnk
Real-time Monitor.lnk
ZoneAlarm.lnk
==============================
C:\Documents and Settings\Michael\Start Menu\Programs\Startup

desktop.ini
VAIO Action Setup (Server).lnk
Adobe Gamma Loader.exe.lnk
Real-time Monitor.lnk
ZoneAlarm.lnk
desktop.ini
Adobe Gamma.lnk
==============================
C:\WINDOWS\system32 cpl files


desk.cpl Microsoft Corporation
intl.cpl Microsoft Corporation
appwiz.cpl Microsoft Corporation
hdwwiz.cpl Microsoft Corporation
inetcpl.cpl Microsoft Corporation
joy.cpl Microsoft Corporation
main.cpl Microsoft Corporation
mmsys.cpl Microsoft Corporation
ncpa.cpl Microsoft Corporation
nusrmgr.cpl Microsoft Corporation
odbccp32.cpl Microsoft Corporation
powercfg.cpl Microsoft Corporation
sysdm.cpl Microsoft Corporation
telephon.cpl Microsoft Corporation
timedate.cpl Microsoft Corporation
access.cpl Microsoft Corporation
UILib.cpl Sony Corporation
VASetup.cpl Sony Corporation
QuickTime.cpl Apple Computer, Inc.
prefscpl.cpl RealNetworks, Inc.
bdeadmin.cpl Inprise Corporation
jpicpl32.cpl Sun Microsystems, Inc.
wuaucpl.cpl Microsoft Corporation

Edited by Situationeer, 21 September 2005 - 11:49 AM.

  • 0

#10
tampabelle
Posted 21 September 2005 - 03:22 PM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Please shut down Microsoft Anti-Spyware (MSAS) as it may interfere with the fix. Everytime you reboot the PC, please ensure that MSAS is turned off.
  • Download DSRFIX from HERE onto your Desktop.[list]
  • Unzip and EXTRACT the files to your Desktop.
  • The program creates and names the new folder to house the files.
  • Open the folder dsrfix
  • Double click on the dsrfix batch file( the one with the little gear in it )
  • Once dsrfix has completed it will close on its own

Download Pocket KillBox from here. There is a Direct Download and a description of what the Program does inside this link.

Please open Notepad, and copy/paste the code in the box below into a new text file. Save it as KillQoo.reg (set Filetype to "All Files") and save it on your Desktop.

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\gxmktqtm]

[-HKEY_CLASSES_ROOT\CLSID\{2eb61d34-b952-4121-9cd1-7d1bd0cfb83a}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"klh9xn0.exe"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"klh9xn0.exe"=-

[-HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3}]

[-HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A088048C-F887-E62C-2A1D-0DCD0AABFCF8}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{61EF40EA-0F0E-0088-BF5E-BF422C605F00}"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Taskbar Msngr"=-
"Dinst"=-
"newexp"=-
"1XMOAm"=-
"win3206534273854"=-
"TagASaurus"=-


Open Pocket Killbox and Copy & Paste the entries below into the "Full Path of File to Delete"

C:\WINDOWS\SYSTEM32\hua1nleo.ini
C:\WINDOWS\SYSTEM32\c770ompf.ini
C:\WINDOWS\SYSTEM32\hhmajqjh.ini
C:\WINDOWS\SYSTEM32\k03.sys
C:\WINDOWS\system32\m0rz.dll
C:\WINDOWS\system32\klh9xn0.exe
C:\WINDOWS\system32\m0rz.dll
C:\WINDOWS\dinst.exe
C:\WINDOWS\System32\newexp.exe
C:\WINDOWS\system32\cxtpls_loader.EXE
C:\WINDOWS\win3206534273854.exe
C:\Program Files\TagASaurusFiles Go Here

As you Paste each entry into Killbox,place a tick by any of these Selections available

"Delete on Reboot"
"Unregister .dll before Deleting"

Click the Red Circle with the White X in the Middle to Delete!

Restart in Safe Mode and Run those files through Killbox once more to be sure nothing survived.

This time place a tick by any of these selections available

"Standard File Kill"
"End Explorer Shell while Killing File"
"Unregister .dll before Deleting"

Now Locate and DoubleClick KillQoo.reg-> Allow it to merge into the Registry!

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} - C:\WINDOWS\system32\m0rz.dll
O2 - BHO: (no name) - {A088048C-F887-E62C-2A1D-0DCD0AABFCF8} - C:\WINDOWS\Btyxyufs.dll
O3 - Toolbar: Search - {61EF40EA-0F0E-0088-BF5E-BF422C605F00} - C:\WINDOWS\Btyxyufs.dll
O4 - HKLM\..\Run: [Windows Taskbar Msngr] C:\WINDOWS\\\\\\\\\\\\\\
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [newexp] C:\WINDOWS\System32\newexp
O4 - HKLM\..\Run: [1XMOAm] "C:\WINDOWS\system32\cxtpls_loader.EXE" /PC=CP.AOP2
O4 - HKLM\..\Run: [win3206534273854] C:\WINDOWS\win3206534273854.exe
O4 - HKLM\..\Run: [TagASaurus] C:\Program Files\TagASaurus\TagASaurus
O4 - HKLM\..\RunOnce: [klh9xn0.exe] C:\WINDOWS\System32\klh9xn0.exe /k
O4 - HKCU\..\RunOnce: [klh9xn0.exe] C:\WINDOWS\System32\klh9xn0.exe /k

Now close all windows other than HiJackThis, then click Fix Checked.

Restart back in Normal Mode and Post a fresh HijackThis log!

Also turn on your MSAS.
  • 0

Advertisements

#11
Situationeer
Posted 21 September 2005 - 04:23 PM

Situationeer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
HiJack This log:

Logfile of HijackThis v1.99.1
Scan saved at 5:22:18 PM, on 9/21/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Ewido\security suite\ewidoctrl.exe
D:\Program Files\Ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RioMSC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
D:\Program Files\Zone Alarm Firewall\ZoneAlarm\zonealarm.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Trend Micro\PC-cillin 2000\pccntupd.exe
C:\Documents and Settings\Michael\Desktop\HijackThis.exe
D:\Program Files\Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe"
O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe"
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\WinAmp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] D:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft Anti-Spyware\gcasServ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] D:\Program Files\Counter Strike\Steam.exe -silent
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Real-time Monitor.lnk = ?
O4 - Global Startup: ZoneAlarm.lnk = D:\Program Files\Zone Alarm Firewall\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQ\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQ\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\Ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Program Files\Ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\System32\RioMSC.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe
  • 0

#12
tampabelle
Posted 21 September 2005 - 05:39 PM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Run Hijack This and click on scan. The following items need to be fixed -

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=

Close all windows other than Hijack This. Check the boxes next to above items and click on Fix checked.



Your log looks fine otherwise.

Do you have any issues with your PC ?? How is it behaving now ???
  • 0

#13
Situationeer
Posted 21 September 2005 - 07:06 PM

Situationeer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
No, I don't seem to have any other problems right now, my computer is working great. Thanks a lot dude. I have one more question though, what else should I do so that I don't get infected again. Right now I use Zone Alarm as a firewall, I scan every night with Microsoft Anti Spyware, and scan with Spybot and Ad-Aware as well.
  • 0

#14
tampabelle
Posted 22 September 2005 - 08:51 AM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi,


CONGRATULATIONS !!!!!!!!!!! Your PC is clean now :tazz:


You can take precautions for minimizing the risk of infection but cannot eliminate it completely.



I would recommend the following steps to keep your PC clean (especially Step 1 to install critical Windows patches including Service Pack 2 or SP2 if not already installed and Step 8 now that your PC is clean) –

PREVENTIVE MEASURES FOR FUTURE

Operating System
1. Keep the Windows and Internet Explorer updated with the latest fixes. These fixes are available free from Microsoft. Click on Tools in the IE menu bar and then on Windows update. You can also use the following links

Windows security and critical updates
Internet Explorer security and critical updates

Also ensure that automatic updates are enabled for faster updation of the system.
(Right click on My Computer on your desktop, properties and Automatic Updates tab.


Anti-Virus Software
2. Keep your Anti-virus program updated with the latest definitions. Some of the common anti-virus programs in use are :

Norton Anti-Virus
McAfee Anti-Virus
AVG Anti-Virus --- freeware
Avast Home Edition --- freeware

Use only one anti-virus program as multiple such programs can create conflicts between themselves and severely hamper the performance of your PC.


Firewall
3. You should also have a good firewall. Here are 3 free ones available for personal use:
Sygate Personal Firewall, Kerio Personal Firewall, ZoneAlarm


Internet Browsers
4. Have robust explorer settings. It is preferable to use an internet browser other that IE as most of the malware is targetted at IE. In case you prefer to use IE, then download a list of innocent looking but harmful websites from IE-Spyad and install it on ur PC. IE-SPYAD puts over 5000 sites in your internet explorer's restricted zone, so you'll be protected when you visit innocent-looking sites that aren't really innocent at all.

Some alternate browsers I suggest are Firefox Mozilla Browser and Opera

Ensure that Security level, irrespective of whichever browser you use, is set at Medium or higher, restrict the usage of cookies and activeX components.


Spyware Protection
5. Have a wall of protection against spyware / adware by installing SpywareBlaster and SpywareGuard.

SpywareBlaster and SpywareGuard are by JavaCool and both are free programs.
SpywareBlaster will prevent spyware from being installed and consumes no system resources.
SpywareGuard offers realtime protection from spyware installation and browser hijack attempts. Both have free ongoing updates.


Spyware Removers
6. Install programs for scanning for malware and uninstalling them. Two of the best programs, both are freeware, are :

Spybot Search & Destroy - A powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

AdAware SE Personal Edition - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy compliment each other very well.


Regular Maintenance of PC
7. Finally, invest some time for regular maintenance of your PC. Delete the temporary Internet files, temporary files, cookies etc. Click on Start button, Programs, Accessories, System Tools and run the program Disk Cleanup. Follow the instructions.

An alternate freeware software which can be used is CleanUp.

Keep your Registry clean. My favourite software is Registry First Aid. This is not a freeware but a trial version can be downloaded.


System Restore Points
8. Since your PC is currently clean, create a system restore point. A system restore would enable you to revert to the settings on the PC when the restore point was created. It is also a good idea to flush all earlier system restore points which may be containing infected files.

A. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

B. Restart your computer.

C. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.

System Restore will now be active again.


Go ahead and enjoy a clean PC !!!!!!!!!!!!!
  • 0

#15
Situationeer
Posted 22 September 2005 - 01:03 PM

Situationeer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Woot! You guys kick [bleep], thanks a lot. PC is running good as new.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP