Full Version: w32.myzor.fk@yf virus
Lavasoft Support Forums > Archived Topics > Archives: Resolved/Inactive Topics > Resolved/Inactive HijackThis Logs
panya
Hi CalamityJane and Lavasoft Support

I have the same problem with the w32.myzor.fk@yf virus. I have followed your instructions from
Lavasoft Support Forums > HELP! My computer is infected! What should I do? > HijackThis Logs
until #8.

I couldn't find the page below:
http://www.pandasoftware.com/activescan/co...n_principal.htm

so I downloaded HijackThis from another website.

Please can you help review my reports below. I would like to get the report from Ad-Aware SE, but I could not successfully download it; you can see the error in the picture below. I think there are still some viruses on my computer. If you think I don't have any more viruses, should I uninstall the software I installed to produce the reports below?

[attachment: screenshot]

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:03:05 AM 7/6/2006

+ Scan result:


C:\WINDOWS\Downloaded Program Files\YazzleActiveX.ocx -> Adware.MediaTickets : Cleaned.
C:\WINDOWS\YAXUninst.exe -> Adware.MediaTickets : Cleaned.
C:\WINDOWS\g1922312.dll -> Downloader.Delf.amb : Cleaned.
C:\WINDOWS\g305593.dll -> Downloader.Delf.amb : Cleaned.
[232] C:\WINDOWS\g1922312.dll -> Downloader.Delf.amb : Cleaned.
[768] C:\WINDOWS\g1922312.dll -> Downloader.Delf.amb : Cleaned.
C:\Documents and Settings\Administrator\Local Settings\Temp\OA.exe -> Downloader.PurityScan.cq : Cleaned.
C:\Program Files\Common Files\Y1123OA.exe -> Downloader.PurityScan.cq : Cleaned.
C:\WINDOWS\system32\ld100.tmp -> Downloader.Zlob.wo : Cleaned.
C:\WINDOWS\system32\oins.exe -> Dropper.Small : Cleaned.
:mozilla.191:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.192:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.193:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.194:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.195:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.196:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.197:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.198:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.199:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.200:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.201:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.202:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.203:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.204:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.205:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.206:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.207:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.208:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@dealnews.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@interland.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@msntrademarketing.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@primediabusiness.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.403:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.214:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.215:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.86:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.87:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.168:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.169:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.348:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.349:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.350:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.351:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@adviva[2].txt -> TrackingCookie.Adviva : Cleaned.
:mozilla.72:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.485:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.345:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.233:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.234:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@casinotropez[1].txt -> TrackingCookie.Casinotropez : Cleaned.
:mozilla.490:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Centrport : Cleaned.
:mozilla.247:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Cj : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@www.cj[1].txt -> TrackingCookie.Cj : Cleaned.
:mozilla.170:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.171:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.436:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Commission-junction : Cleaned.
:mozilla.443:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Commission-junction : Cleaned.
:mozilla.166:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.472:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@test.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.81:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.458:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.463:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.110:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.111:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.112:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.232:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.88:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@media.fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.188:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.128:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.129:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.130:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.222:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.250:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.324:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@ehg-bestwestern.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@ehg-commjun.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@ehg-fedex.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@ehg-guess.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@w102.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.332:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.333:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.334:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.335:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.336:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.337:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.338:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.158:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.159:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.160:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.224:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.254:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.256:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.85:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.306:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.307:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.308:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.309:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.505:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@data4.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@overture[1].txt -> TrackingCookie.Overture : Cleaned.
:mozilla.115:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.116:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.117:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.118:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.69:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.70:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.71:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.376:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.381:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.216:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.217:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.218:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.389:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.390:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.391:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.392:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.479:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.394:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.340:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.341:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.342:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.343:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.344:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.164:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.165:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.508:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned.
:mozilla.509:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@trafic[1].txt -> TrackingCookie.Trafic : Cleaned.
:mozilla.120:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.453:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.388:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.393:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.396:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.399:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.401:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.404:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.449:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.374:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.375:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.445:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.496:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.497:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.498:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.499:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.500:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.82:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.83:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.84:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D1NKFR8O\bgates[1].exe -> Trojan.Dialer.pz : Cleaned.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\GDUJ8HAB\srvhsf[1].exe -> Trojan.Pakes : Cleaned.
C:\WINDOWS\Temp\winDD.tmp.exe -> Trojan.Pakes : Cleaned.
C:\WINDOWS\system32\1024 -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld2E4E.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld33B9.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld8CB7.tmp -> Trojan.Small : Cleaned.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\\kernel32.dll -> Trojan.Small : Cleaned.


::Report end

------------------------------------------------------------------------
SmitFraudFix v2.67

Scan done at 4:07:28.65, Thu 07/06/2006
Run from C:\Documents and Settings\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"furnariidae"="{89e4aaba-3b21-49b3-b922-8ca35193c68e}"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{259BA022-2005-45E9-A965-10EDB9C00605}"="Windows Updater"

[HKEY_CLASSES_ROOT\CLSID\{259BA022-2005-45E9-A965-10EDB9C00605}\InProcServer32]
@="C:\WINDOWS\g1922312.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{259BA022-2005-45E9-A965-10EDB9C00605}\InProcServer32]
@="C:\WINDOWS\g1922312.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\dcomcfg.exe Deleted
C:\WINDOWS\system32\hp???.tmp Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\regperf.exe Deleted
C:\WINDOWS\system32\simpole.tlb Deleted
C:\WINDOWS\system32\stdole3.tlb Deleted
C:\WINDOWS\system32\ts.ico Deleted
C:\DOCUME~1\ALLUSE~1\DESKTOP\Online Security Guide.url Deleted
C:\DOCUME~1\ADMINI~1\FAVORI~1\Antivirus Test Online.url Deleted
C:\Program Files\SpyQuake2.com\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"furnariidae"="{89e4aaba-3b21-49b3-b922-8ca35193c68e}"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{259BA022-2005-45E9-A965-10EDB9C00605}"="Windows Updater"

[HKEY_CLASSES_ROOT\CLSID\{259BA022-2005-45E9-A965-10EDB9C00605}\InProcServer32]
@="C:\WINDOWS\g1922312.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{259BA022-2005-45E9-A965-10EDB9C00605}\InProcServer32]
@="C:\WINDOWS\g1922312.dll"



»»»»»»»»»»»»»»»»»»»»»»»» End

------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 4:27:08 AM, on 7/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\ADMINI~1\APPLIC~1\ICROSO~1.NET\ping.exe
C:\WINDOWS\system32\clc.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\Program Files\Dict95\bin\MagicLnk.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\1-Click Answers\answers.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\1-Click Answers\agtserv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WsftpBrowserHelper Class - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2K0.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: 1-Click Answers - {7754C418-F62E-44aa-B169-E719E718BCFD} - C:\PROGRA~1\1-CLIC~1\IEToolbar\AnswersToolbarU.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [InternetCalls] "C:\Program Files\InternetCalls.com\InternetCalls\InternetCalls.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Ouoe] "C:\DOCUME~1\ADMINI~1\APPLIC~1\ICROSO~1.NET\ping.exe" -vt yax
O4 - HKCU\..\Run: [clc] C:\WINDOWS\system32\clc.exe
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Magic Linker.lnk = C:\Program Files\Dict95\bin\MagicLnk.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = ?
O4 - Global Startup: 1-Click Answers.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Answers... - file:C:\Program Files\1-Click Answers\Html\atiemenu.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pagea...en/preview.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: ส่&งออกไปยัง Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.phuketgazette.net
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: cfgmngr32 - C:\WINDOWS\g1922312.dll
O20 - Winlogon Notify: winmmt32 - C:\WINDOWS\SYSTEM32\winmmt32.dll
O21 - SSODL: furnariidae - {89e4aaba-3b21-49b3-b922-8ca35193c68e} - C:\WINDOWS\system32\zlara.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: MySql - Unknown owner - C:\IBserver\mysql\bin\mysqld-opt.exe
----------------------------------------
jurgenv
Download win32delfkil.exe.
Save it on your desktop.
Double-click win32delfkil.exe and install it. This creates a new folder on your desktop: win32delfkil.
Close all windows, open the win32delfkil folder and double-click fix.bat.
The computer will reboot automatically.
Post the contents of the logfile c:\windelf.txt, along with a new HijackThis log.
panya
Hi jurgenv

Thank you very much for your help. I have got the report here:

************************
* WIN32DELFKIL LOGFILE *
************************
by Marckie


BEFORE RUNNING WIN32DELFKIL
***************************

File(s) found in Windows directory
----------------------------------
g1725875.dll

File(s) found in system32 folder
--------------------------------

Export SharedTaskScheduler key
------------------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"furnariidae"="{89e4aaba-3b21-49b3-b922-8ca35193c68e}"
"{259BA022-2005-45E9-A965-10EDB9C00605}"="Windows Updater"
"{0B5F7FDF-0717-45BF-B49D-695F3168C7FE}"="Master Browseui"


sharedtaskkey: 89e4aaba-3b21-49b3-b922-8ca35193c68e
---------------------------------------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89e4aaba-3b21-49b3-b922-8ca35193c68e}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89e4aaba-3b21-49b3-b922-8ca35193c68e}\InProcServer32]
@="C:\\WINDOWS\\system32\\zlara.dll"
"ThreadingModel"="Apartment"


sharedtaskkey: 259BA022-2005-45E9-A965-10EDB9C00605
---------------------------------------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{259BA022-2005-45E9-A965-10EDB9C00605}]
@="C:\\WINDOWS\\g1725875.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{259BA022-2005-45E9-A965-10EDB9C00605}\InprocServer32]
@="C:\\WINDOWS\\g1725875.dll"
"ThreadingModel"="Apartment"


sharedtaskkey: 0B5F7FDF-0717-45BF-B49D-695F3168C7FE
---------------------------------------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B5F7FDF-0717-45BF-B49D-695F3168C7FE}]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B5F7FDF-0717-45BF-B49D-695F3168C7FE}\InprocServer32]
@="C:\\WINDOWS\\system32\\admparsek.dll"
"ThreadingModel"="Apartment"



Notify key
----------
subkey cfgmngr32 is present!



AFTER RUNNING WIN32DELFKIL
**************************

File(s) found in Windows directory
----------------------------------

File(s) found in system32 folder
--------------------------------
Export SharedTaskScheduler key
------------------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"furnariidae"="{89e4aaba-3b21-49b3-b922-8ca35193c68e}"


sharedtaskkey: 89e4aaba-3b21-49b3-b922-8ca35193c68e
---------------------------------------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89e4aaba-3b21-49b3-b922-8ca35193c68e}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89e4aaba-3b21-49b3-b922-8ca35193c68e}\InProcServer32]
@="C:\\WINDOWS\\system32\\zlara.dll"
"ThreadingModel"="Apartment"



Notify key
----------
jurgenv
Can I see a new HijackThis log?
panya
Hi jurgenv

When I turn on the computer it shows me the report from ewido below.
----------------------------------
<?xml version="1.0" encoding="UTF-16"?>
<DATABASE>
<EXE NAME="ewido.exe" FILTER="GRABMI_FILTER_PRIVACY">
<MATCHING_FILE NAME="engine.dll" SIZE="466944" CHECKSUM="0xAE059C4C" BIN_FILE_VERSION="4.0.0.172" BIN_PRODUCT_VERSION="4.0.0.172" PRODUCT_VERSION="4, 0, 0, 172" FILE_DESCRIPTION="scan engine" COMPANY_NAME="Anti-Malware Development a.s." PRODUCT_NAME="ewido anti-spyware" FILE_VERSION="4, 0, 0, 172" ORIGINAL_FILENAME="engine.dll" INTERNAL_NAME="engine" LEGAL_COPYRIGHT="Copyright © 2005 Anti-Malware Development a.s." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="4.0.0.172" UPTO_BIN_PRODUCT_VERSION="4.0.0.172" LINK_DATE="06/16/2006 14:38:27" UPTO_LINK_DATE="06/16/2006 14:38:27" VER_LANGUAGE="German (Germany) [0x407]" />
<MATCHING_FILE NAME="ewido.exe" SIZE="6283264" CHECKSUM="0x98B9BB10" BIN_FILE_VERSION="4.0.0.172" BIN_PRODUCT_VERSION="4.0.0.172" PRODUCT_VERSION="4, 0, 0, 172" FILE_DESCRIPTION="ewido anti-spyware" COMPANY_NAME="Anti-Malware Development a.s." PRODUCT_NAME="ewido anti-spyware" FILE_VERSION="4, 0, 0, 172" ORIGINAL_FILENAME="ewido.exe" INTERNAL_NAME="ewido anti-spyware" LEGAL_COPYRIGHT="Copyright © 2005 Anti-Malware Development a.s." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="4.0.0.172" UPTO_BIN_PRODUCT_VERSION="4.0.0.172" LINK_DATE="06/16/2006 14:39:05" UPTO_LINK_DATE="06/16/2006 14:39:05" VER_LANGUAGE="German (Germany) [0x407]" />
<MATCHING_FILE NAME="guard.exe" SIZE="172032" CHECKSUM="0x822112CE" BIN_FILE_VERSION="4.0.0.172" BIN_PRODUCT_VERSION="4.0.0.172" PRODUCT_VERSION="4, 0, 0, 172" FILE_DESCRIPTION="ewido anti-spyware guard" COMPANY_NAME="Anti-Malware Development a.s." PRODUCT_NAME="ewido anti-spyware" FILE_VERSION="4, 0, 0, 172" ORIGINAL_FILENAME="guard.exe" INTERNAL_NAME="ewido anti-spywareguard" LEGAL_COPYRIGHT="Copyright © 2005 Anti-Malware Development a.s." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="4.0.0.172" UPTO_BIN_PRODUCT_VERSION="4.0.0.172" LINK_DATE="06/16/2006 14:38:41" UPTO_LINK_DATE="06/16/2006 14:38:41" VER_LANGUAGE="German (Germany) [0x407]" />
<MATCHING_FILE NAME="context.dll" SIZE="94208" CHECKSUM="0x63DFF67A" BIN_FILE_VERSION="4.0.0.172" BIN_PRODUCT_VERSION="4.0.0.172" PRODUCT_VERSION="4, 0, 0, 172" FILE_DESCRIPTION="Context-Menu (Shell Extension)" COMPANY_NAME="Anti-Malware Development a.s." PRODUCT_NAME="ewido anti-spyware" FILE_VERSION="4, 0, 0, 172" ORIGINAL_FILENAME="Context.dll" INTERNAL_NAME="Context.dll" LEGAL_COPYRIGHT="Copyright © 2005 Anti-Malware Development a.s." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="4.0.0.172" UPTO_BIN_PRODUCT_VERSION="4.0.0.172" LINK_DATE="06/16/2006 14:38:36" UPTO_LINK_DATE="06/16/2006 14:38:36" VER_LANGUAGE="German (Germany) [0x407]" />
<MATCHING_FILE NAME="shellexecutehook.dll" SIZE="73728" CHECKSUM="0x29DDA66A" BIN_FILE_VERSION="4.0.0.172" BIN_PRODUCT_VERSION="4.0.0.172" PRODUCT_VERSION="4, 0, 0, 172" FILE_DESCRIPTION="ewido anti-spyware guard" COMPANY_NAME="Anti-Malware Development a.s." PRODUCT_NAME="ewido anti-spyware" FILE_VERSION="4, 0, 0, 172" ORIGINAL_FILENAME="shellexecutehook.dll" INTERNAL_NAME="shellexecutehook.dll" LEGAL_COPYRIGHT="Copyright © 2005 Anti-Malware Development a.s." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="4.0.0.172" UPTO_BIN_PRODUCT_VERSION="4.0.0.172" LINK_DATE="06/16/2006 14:38:48" UPTO_LINK_DATE="06/16/2006 14:38:48" VER_LANGUAGE="German (Germany) [0x407]" />
<MATCHING_FILE NAME="help.dll" SIZE="4096" CHECKSUM="0x5824656E" />
<MATCHING_FILE NAME="Uninstall.exe" SIZE="110669" CHECKSUM="0x8D494C73" MODULE_TYPE="WIN32" PE_CHECKSUM="0x8109FB" LINKER_VERSION="0x0" LINK_DATE="03/04/2006 17:05:36" UPTO_LINK_DATE="03/04/2006 17:05:36" />
</EXE>
<EXE NAME="kernel32.dll" FILTER="GRABMI_FILTER_THISFILEONLY">
<MATCHING_FILE NAME="kernel32.dll" SIZE="983552" CHECKSUM="0x4CE79457" BIN_FILE_VERSION="5.1.2600.2180" BIN_PRODUCT_VERSION="5.1.2600.2180" PRODUCT_VERSION="5.1.2600.2180" FILE_DESCRIPTION="Windows NT BASE API Client DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" ORIGINAL_FILENAME="kernel32" INTERNAL_NAME="kernel32" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xFF848" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.2180" UPTO_BIN_PRODUCT_VERSION="5.1.2600.2180" LINK_DATE="08/04/2004 07:56:36" UPTO_LINK_DATE="08/04/2004 07:56:36" VER_LANGUAGE="English (United States) [0x409]" />
</EXE>
</DATABASE>
--------------------------------------------------
Latest report from HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 6:57:01 PM, on 7/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\ADMINI~1\APPLIC~1\ICROSO~1.NET\ping.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\Program Files\Dict95\bin\MagicLnk.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\1-Click Answers\answers.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\1-Click Answers\agtserv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\wuauclt.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WsftpBrowserHelper Class - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2K0.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: 1-Click Answers - {7754C418-F62E-44aa-B169-E719E718BCFD} - C:\PROGRA~1\1-CLIC~1\IEToolbar\AnswersToolbarU.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [InternetCalls] "C:\Program Files\InternetCalls.com\InternetCalls\InternetCalls.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Ouoe] "C:\DOCUME~1\ADMINI~1\APPLIC~1\ICROSO~1.NET\ping.exe" -vt yax
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Magic Linker.lnk = C:\Program Files\Dict95\bin\MagicLnk.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = ?
O4 - Global Startup: 1-Click Answers.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Answers... - file:C:\Program Files\1-Click Answers\Html\atiemenu.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pagea...en/preview.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: ส่&งออกไปยัง Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.phuketgazette.net
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: cfgmngr32 - C:\WINDOWS\g407765.dll
O20 - Winlogon Notify: winmmt32 - C:\WINDOWS\SYSTEM32\winmmt32.dll
O21 - SSODL: furnariidae - {89e4aaba-3b21-49b3-b922-8ca35193c68e} - C:\WINDOWS\system32\zlara.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: MySql - Unknown owner - C:\IBserver\mysql\bin\mysqld-opt.exe

-------------------------------------------------------------------
jurgenv
* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory and, when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, click Options > Change settings.
  • Choose the "Scan" tab and remove the mark at "Heuristic analysis".
  • Back at the main window, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look whether you can click the next icon next to the files found:
  • If so, click it, then click the next icon right below and select Move incurable as you'll see in the next image:

    This will move it to the %userprofile%\DoctorWeb\quarantaine folder if it can't be cured (this is in case we need samples).
  • After selecting, in the Dr.Web CureIt menu on top, click File and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv.
  • Close Dr.Web CureIt.
  • Reboot your computer! Files in use may be moved or deleted during the reboot.
  • After the reboot, post the contents of the log from Dr.Web you saved previously in your next reply.
panya
Log file from Ad-Aware SE:


Ad-Aware SE Build 1.06r1
Logfile Created on:Saturday, July 08, 2006 7:38:22 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R113 28.06.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):52 total references
Tracking Cookie(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


7-8-2006 7:38:22 PM - Scan started. (Smart mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 816
ThreadCreationTime : 7-8-2006 11:34:35 AM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 896
ThreadCreationTime : 7-8-2006 11:34:37 AM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 920
ThreadCreationTime : 7-8-2006 11:34:38 AM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 972
ThreadCreationTime : 7-8-2006 11:34:38 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 984
ThreadCreationTime : 7-8-2006 11:34:38 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1144
ThreadCreationTime : 7-8-2006 11:34:39 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1188
ThreadCreationTime : 7-8-2006 11:34:40 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1328
ThreadCreationTime : 7-8-2006 11:34:40 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1392
ThreadCreationTime : 7-8-2006 11:34:41 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1560
ThreadCreationTime : 7-8-2006 11:34:41 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1896
ThreadCreationTime : 7-8-2006 11:34:43 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:12 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1988
ThreadCreationTime : 7-8-2006 11:34:43 AM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:13 [mcvsshld.exe]
FilePath : C:\PROGRA~1\mcafee.com\vso\
ProcessID : 492
ThreadCreationTime : 7-8-2006 11:34:47 AM
BasePriority : Normal
FileVersion : 8, 0, 0, 15
ProductVersion : 8, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan ActiveShield Resource
InternalName : msvcshld
LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc
OriginalFilename : mcvsshld.exe
Comments : McAfee VirusScan ActiveShield Resource

#:14 [mcagent.exe]
FilePath : C:\PROGRA~1\mcafee.com\agent\
ProcessID : 500
ThreadCreationTime : 7-8-2006 11:34:47 AM
BasePriority : Normal
FileVersion : 6, 0, 0, 16
ProductVersion : 6, 0, 0, 0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc
FileDescription : McAfee SecurityCenter Agent
InternalName : mcagent
LegalCopyright : Copyright © 2005 McAfee, Inc.
OriginalFilename : mcagent.exe

#:15 [mcvsescn.exe]
FilePath : c:\progra~1\mcafee.com\vso\
ProcessID : 512
ThreadCreationTime : 7-8-2006 11:34:47 AM
BasePriority : Normal
FileVersion : 8, 0, 0, 30
ProductVersion : 8, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan E-mail Scan Module
InternalName : mcvsescn
LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc
OriginalFilename : mcvsescn.EXE
Comments : McAfee VirusScan E-mail Scan Module

#:16 [winampa.exe]
FilePath : C:\Program Files\Winamp\
ProcessID : 528
ThreadCreationTime : 7-8-2006 11:34:47 AM
BasePriority : Normal


#:17 [gnotify.exe]
FilePath : C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\
ProcessID : 536
ThreadCreationTime : 7-8-2006 11:34:48 AM
BasePriority : Normal
FileVersion : 1.0.25.0
ProductVersion : 1.0.25.0
ProductName : Gmail
CompanyName : Google Inc.
FileDescription : Gmail Notifier
LegalCopyright : Copyright © Google Inc. 2004-2005
OriginalFilename : gnotify.exe

#:18 [pdvdserv.exe]
FilePath : C:\Program Files\CyberLink\PowerDVD\
ProcessID : 564
ThreadCreationTime : 7-8-2006 11:34:48 AM
BasePriority : Normal
FileVersion : 6.00.1027
ProductVersion : 6.00.1027
ProductName : PowerDVD
CompanyName : Cyberlink Corp.
FileDescription : PowerDVD RC Service
InternalName : PowerDVD RC Service
LegalCopyright : Copyright © CyberLink Corp. 1997-2004
OriginalFilename : PDVDSERV.EXE

#:19 [opwarese2.exe]
FilePath : C:\Program Files\ScanSoft\OmniPageSE2.0\
ProcessID : 572
ThreadCreationTime : 7-8-2006 11:34:48 AM
BasePriority : Normal
FileVersion : 12.0
ProductVersion : 2.0
ProductName : OmniPage SE
CompanyName : ScanSoft, Inc.
FileDescription : OCR Aware (32-bit)
InternalName : OPWARE12.EXE
LegalCopyright : Copyright © 1995-2003 ScanSoft, Inc.
LegalTrademarks : ScanSoft, OmniPage and OmniPage SE are registered trademarks of ScanSoft, Inc. in the United States and/or other countries.
OriginalFilename : OPWARE12.EXE

#:20 [hpwuschd2.exe]
FilePath : C:\Program Files\HP\HP Software Update\
ProcessID : 580
ThreadCreationTime : 7-8-2006 11:34:48 AM
BasePriority : Normal
FileVersion : 53.0.13.000
ProductVersion : 053.000.013.000
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : Hewlett-Packard Product Assistant
InternalName : hpwuSchd2
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2004
OriginalFilename : hpwuSchd2.exe
Comments : Hewlett-Packard Product Assistant

#:21 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 704
ThreadCreationTime : 7-8-2006 11:34:49 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:22 [ping.exe]
FilePath : C:\DOCUME~1\ADMINI~1\APPLIC~1\ICROSO~1.NET\
ProcessID : 720
ThreadCreationTime : 7-8-2006 11:34:49 AM
BasePriority : Normal


#:23 [stimgbrowser.exe]
FilePath : C:\Program Files\Samsung\Digimax Viewer 2.1\
ProcessID : 756
ThreadCreationTime : 7-8-2006 11:34:50 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 9
ProductVersion : 1, 0, 0, 9
ProductName : Samsung Digimax Viewer 2.1.1
CompanyName : STOIK Imaging (www.stoik.com)
FileDescription : STOIK Image Browser
InternalName : STOIK Image Browser
LegalCopyright : Copyright © STOIK Imaging Ltd. 2003-2004
OriginalFilename : STImgBrowser.EXE
Comments : This is customization of STOIK Imaging Image Browser

#:24 [magiclnk.exe]
FilePath : C:\Program Files\Dict95\bin\
ProcessID : 808
ThreadCreationTime : 7-8-2006 11:34:51 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Magic Linker 2.0
CompanyName : Thaisoft Co., Ltd.
FileDescription : For linking to Thaisoft So Sethaputra Dictionary 2.0
InternalName : MagicLnk
LegalCopyright : Copyright © 1997
OriginalFilename : MagicLnk.EXE

#:25 [bluesoleil.exe]
FilePath : C:\Program Files\IVT Corporation\BlueSoleil\
ProcessID : 1100
ThreadCreationTime : 7-8-2006 11:34:51 AM
BasePriority : Normal
FileVersion : 1, 6, 1, 4
ProductVersion : 1, 6, 1, 4
ProductName : BlueSoleil
CompanyName : IVT Corporation
FileDescription : Bluetooth Application
InternalName : BlueSoleil
LegalCopyright : Copyright © 2000-2004
LegalTrademarks : BlueSoleil
OriginalFilename : BlueSol.exe

#:26 [hpqtra08.exe]
FilePath : C:\Program Files\HP\Digital Imaging\bin\
ProcessID : 1268
ThreadCreationTime : 7-8-2006 11:34:52 AM
BasePriority : Normal
FileVersion : 53.0.13.000
ProductVersion : 053.000.013.000
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP Digital Imaging Monitor
InternalName : HPQTRA00
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2004
OriginalFilename : HPQTRA00.EXE
Comments : HP Digital Imaging Monitor

#:27 [btntservice.exe]
FilePath : C:\Program Files\IVT Corporation\BlueSoleil\
ProcessID : 1296
ThreadCreationTime : 7-8-2006 11:34:52 AM
BasePriority : Normal


#:28 [answers.exe]
FilePath : C:\Program Files\1-Click Answers\
ProcessID : 1436
ThreadCreationTime : 7-8-2006 11:34:55 AM
BasePriority : Normal
FileVersion : 1.1 (build 381)
ProductVersion : 1.1 (build 381)
ProductName : Answers
CompanyName : Answers Corporation
FileDescription : 1-Click Answers Client
InternalName : 1-Click Answers Client
LegalCopyright : Copyright © Answers Corporation 1999-2006
OriginalFilename : Answers.exe

#:29 [guard.exe]
FilePath : C:\Program Files\ewido anti-spyware 4.0\
ProcessID : 1432
ThreadCreationTime : 7-8-2006 11:34:55 AM
BasePriority : Normal
FileVersion : 4, 0, 0, 172
ProductVersion : 4, 0, 0, 172
ProductName : ewido anti-spyware
CompanyName : Anti-Malware Development a.s.
FileDescription : ewido anti-spyware guard
InternalName : ewido anti-spywareguard
LegalCopyright : Copyright © 2005 Anti-Malware Development a.s.
OriginalFilename : guard.exe

#:30 [inetinfo.exe]
FilePath : C:\WINDOWS\system32\inetsrv\
ProcessID : 1516
ThreadCreationTime : 7-8-2006 11:35:02 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Internet Information Services
CompanyName : Microsoft Corporation
FileDescription : Internet Information Services
InternalName : INETINFO.EXE
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : INETINFO.EXE

#:31 [mcdetect.exe]
FilePath : c:\program files\mcafee.com\agent\
ProcessID : 1588
ThreadCreationTime : 7-8-2006 11:35:04 AM
BasePriority : Normal
FileVersion : 6, 0, 0, 19
ProductVersion : 6, 0, 0, 0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc
FileDescription : McAfee WSC Integration Service
InternalName : McDetect
LegalCopyright : Copyright © 2005 McAfee, Inc.
OriginalFilename : McDetect.exe
Comments : McAfee WSC Integration Service

#:32 [mctskshd.exe]
FilePath : c:\PROGRA~1\mcafee.com\agent\
ProcessID : 1580
ThreadCreationTime : 7-8-2006 11:35:05 AM
BasePriority : Normal
FileVersion : 6, 0, 0, 13
ProductVersion : 6, 0, 0, 0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc
FileDescription : McAfee Task Scheduler
InternalName : McTskshd
LegalCopyright : Copyright © 2005 McAfee, Inc.
OriginalFilename : McTskshd.exe

#:33 [agtserv.exe]
FilePath : C:\Program Files\1-Click Answers\
ProcessID : 1680
ThreadCreationTime : 7-8-2006 11:35:06 AM
BasePriority : Normal
FileVersion : 7.1 (build 381)
ProductVersion : 7.1 (build 381)
ProductName : ScreenScraper SDK
CompanyName : Answers Corporation
FileDescription : AgtServ main executable
InternalName : AgtServ
LegalCopyright : Copyright © Answers Corporation 1999-2006
OriginalFilename : AgtServ.exe

#:34 [mcvsrte.exe]
FilePath : c:\PROGRA~1\mcafee.com\vso\
ProcessID : 1708
ThreadCreationTime : 7-8-2006 11:35:07 AM
BasePriority : Normal
FileVersion : 8, 0, 0, 12
ProductVersion : 8, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan Real-time Engine
InternalName : mcvsrte
LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc
OriginalFilename : mcvsrte.exe
Comments : McAfee VirusScan Real-time Engine

#:35 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\
ProcessID : 1860
ThreadCreationTime : 7-8-2006 11:35:16 AM
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:36 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 260
ThreadCreationTime : 7-8-2006 11:35:31 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:37 [hpqste08.exe]
FilePath : C:\Program Files\HP\Digital Imaging\bin\
ProcessID : 412
ThreadCreationTime : 7-8-2006 11:35:33 AM
BasePriority : Normal
FileVersion : 53.0.13.000
ProductVersion : 053.000.013.000
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP CUE Status
InternalName : HPQSTS00
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2004
OriginalFilename : HPQSTS00.EXE
Comments : HP CUE Status

#:38 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 772
ThreadCreationTime : 7-8-2006 11:35:38 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:39 [hprblog.exe]
FilePath : C:\Program Files\HP\Digital Imaging\Product Assistant\bin\
ProcessID : 1844
ThreadCreationTime : 7-8-2006 11:35:57 AM
BasePriority : Normal
FileVersion : 53.0.13.000
ProductVersion : 053.000.013.000
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : Hewlett-Packard Product Assistant
InternalName : HPRBLOG
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2004
OriginalFilename : HPRBLOG.EXE
Comments : Hewlett-Packard Product Assistant

#:40 [fxssvc.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2092
ThreadCreationTime : 7-8-2006 11:36:01 AM
BasePriority : Normal
FileVersion : 5.2.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.2.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Fax Service
InternalName : FXSSVC.EXE
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : FXSSVC.EXE

#:41 [wuauclt.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3000
ThreadCreationTime : 7-8-2006 11:38:10 AM
BasePriority : Normal
FileVersion : 5.8.0.2469 built by: lab01_n(wmbla)
ProductVersion : 5.8.0.2469
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:42 [mcshield.exe]
FilePath : c:\PROGRA~1\mcafee.com\vso\
ProcessID : 3236
ThreadCreationTime : 7-8-2006 11:38:20 AM
BasePriority : High


#:43 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3772
ThreadCreationTime : 7-8-2006 11:39:53 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:44 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 3816
ThreadCreationTime : 7-8-2006 11:40:00 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:45 [regsvr32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3192
ThreadCreationTime : 7-8-2006 11:41:11 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Microsoft© Register Server
InternalName : REGSVR32
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : REGSVR32.EXE

#:46 [notepad.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 4028
ThreadCreationTime : 7-8-2006 11:42:03 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Notepad
InternalName : Notepad
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : NOTEPAD.EXE

#:47 [ad-aware.exe]
FilePath : C:\PROGRA~1\LAVASOFT\AD-AWA~1\
ProcessID : 1612
ThreadCreationTime : 7-8-2006 12:00:54 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:48 [regsvr32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1104
ThreadCreationTime : 7-8-2006 12:01:56 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Microsoft© Register Server
InternalName : REGSVR32
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : REGSVR32.EXE

#:49 [regsvr32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3164
ThreadCreationTime : 7-8-2006 12:22:48 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Microsoft© Register Server
InternalName : REGSVR32
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : REGSVR32.EXE

#:50 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ProcessID : 3828
ThreadCreationTime : 7-8-2006 12:23:39 PM
BasePriority : Normal
FileVersion : 8.0.0792.00
ProductVersion : 8.0.0792
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msnmsgr.exe
LegalCopyright : Copyright © Microsoft Corporation. All rights reserved.
OriginalFilename : msnmsgr.exe

#:51 [mcvsftsn.exe]
FilePath : c:\progra~1\mcafee.com\vso\
ProcessID : 3564
ThreadCreationTime : 7-8-2006 12:24:03 PM
BasePriority : Normal
FileVersion : 8, 0, 0, 20
ProductVersion : 8, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan Instant Messenger Scan Module
InternalName : mcvsftsn
LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc
OriginalFilename : mcvsftsn.EXE
Comments : McAfee VirusScan Instant Messenger Scan Module

#:52 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ProcessID : 3724
ThreadCreationTime : 7-8-2006 12:24:12 PM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@as-us.falkag[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:administrator@as-us.falkag.net/
Expires : 7-9-2006 7:34:56 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1



Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

Disk Scan Result for C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

Disk Scan Result for C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 1



MRU List Object Recognized!
Location: : C:\Documents and Settings\Administrator\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : C:\Documents and Settings\Administrator\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\adobe\acrobat reader\5.0\avgeneral\crecentfiles
Description : list of recently used files in adobe reader


MRU List Object Recognized!
Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\ahead\nero - burning rom\recent file list
Description : list of recently used files in nero burning rom


MRU List Object Recognized!
Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\google\navclient\1.1\history
Description : list of recently used search terms in the google toolbar


MRU List Object Recognized!
Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\frontpage
Description : default save location in microsoft frontpage


MRU List Object Recognized!
Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\frontpage\editor
Description : default add image directory for microsoft frontpage


MRU List Object Recognized!
Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\frontpage\editor\recent templates
Description : list of recently used templates in microsoft publisher


MRU List Object Recognized!
Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\frontpage\explorer\frontpage explorer\recent file list
Description : list of recently used files in microsoft frontpage


MRU List Object Recognized!
Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\frontpage\explorer\frontpage explorer\recent page list
Description : list of recently used pages in microsoft frontpage


MRU List Object Recognized!
Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\frontpage\explorer\frontpage explorer\recent web list
Description : list of recently used webs in microsoft frontpage


MRU List Object Recognized!
Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\frontpage\explorer\frontpage explorer\recently created servers
Description : list of recently created servers in microsoft frontpage


MRU List Object Recognized!
Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\mediaplayer\player\settings
Description : last save as directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console


MRU List Object Recognized!
Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\office\10.0\common\general
Description : list of recently used symbols in microsoft office


MRU List Object Recognized!
Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\office\10.0\excel\recent files
Description : list of recent files used by microsoft excel


MRU List Object Recognized!
Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\office\11.0\access\settings
Description : list of recently opened documents in microsoft access


MRU List Object Recognized!
Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\office\11.0\common\general
Description : list of recently used symbols in microsoft office


MRU List Object Recognized!
Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\office\11.0\common\open find\microsoft office powerpoint\settings\insert picture\file name mru
Description : list of recent pictured inserted in microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\office\11.0\common\open find\microsoft office powerpoint\settings\save as\file name mru
Description : list of recent documents saved by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\office\11.0\common\open find\microsoft office word\settings\new from existing document\file name mru
Description : list of "new from existing document" files used by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\office\11.0\common\open find\microsoft office word\settings\open\file name mru
Description : list of recent documents opened by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\office\11.0\common\open find\microsoft office word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\office\11.0\powerpoint\recent file list
Description : list of recent files used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\office\11.0\powerpoint\recent templates
Description : list of recent templates used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\office\11.0\powerpoint\recent typeface list
Description : list of recently used typefaces in microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\office\11.0\powerpoint\recentfolderlist
Description : list of recent folders used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\office\11.0\powerpoint\recenttemplatelist
Description : list of recent templates used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\office\11.0\word\recent templates
Description : list of recent templates used by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run

MRU List Object Recognized!
Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\nico mak computing\winzip\filemenu
Description : winzip recently used archives


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history



Performing conditional scans...

Conditional scan result:
New critical objects: 0
Objects found so far: 53

7:46:26 PM Scan Complete

Summary Of This Scan
Total scanning time:00:08:03.672
Objects scanned:83929
Objects identified:1
Objects ignored:0
New critical objects:1
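Added example, not part of the log above and not Lavasoft's code: a small Python triage pass over entries in the Ad-Aware SE "running processes" format. It parses the `#:N [image]` blocks into `Key : Value` records and flags three weak indicators: no version resource, a path under the user profile or a temp folder, and a well-known Windows binary name running from outside the Windows directory. The sample log is constructed from three entries shaped like #:21, #:22 and #:42 above; the set of "native" binary names and the profile path markers are my assumptions, and each indicator on its own proves nothing. The point is the entry at #:22 above, a `ping.exe` with no version information running from a truncated `APPLIC~1\ICROSO~1.NET` folder, which is exactly what a human should look at next; the `mcshield.exe` hit shows the other side, a legitimate process whose version resource the scanner simply could not read.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the Ad-Aware SE "running processes" format used in
# the log above: three entries shaped like #:21, #:22 and #:42 (not a new scan).
SAMPLE_LOG = r"""
#:21 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 704
ThreadCreationTime : 7-8-2006 11:34:49 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
OriginalFilename : CTFMON.EXE

#:22 [ping.exe]
FilePath : C:\DOCUME~1\ADMINI~1\APPLIC~1\ICROSO~1.NET\
ProcessID : 720
ThreadCreationTime : 7-8-2006 11:34:49 AM
BasePriority : Normal


#:42 [mcshield.exe]
FilePath : c:\PROGRA~1\mcafee.com\vso\
ProcessID : 3236
ThreadCreationTime : 7-8-2006 11:38:20 AM
BasePriority : High

"""

ENTRY_RE = re.compile(r"^#:(\d+) \[(.+?)\]$")

# Assumptions (mine, not from the log or Lavasoft): binaries that belong under
# the Windows directory, and path fragments that mark a user profile or temp
# location. Each is a weak indicator; together they select entries for a human
# to review, they do not prove anything.
WINDOWS_NATIVE = {"ping.exe", "svchost.exe", "ctfmon.exe", "regsvr32.exe",
                  "alg.exe", "notepad.exe", "wuauclt.exe"}
PROFILE_MARKERS = ("documents and settings", "docume~1", "application data",
                   "applic~1", "local settings", "locals~1", "\\temp\\")


@dataclass
class Process:
    index: int
    image: str
    fields: dict = field(default_factory=dict)

    @property
    def path(self) -> str:
        return self.fields.get("FilePath", "")


def parse_processes(text: str) -> list:
    """Turn '#:N [image]' blocks of 'Key : Value' lines into Process records."""
    procs, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            current = Process(int(m.group(1)), m.group(2).lower())
            procs.append(current)
        elif current is not None and " : " in line:
            key, _, value = line.partition(" : ")
            current.fields[key.strip()] = value.strip()
    return procs


def indicators(p: Process) -> list:
    """Weak indicators worth a second look; an empty list means nothing stood out."""
    reasons = []
    path = p.path.lower()
    if "FileVersion" not in p.fields and "CompanyName" not in p.fields:
        reasons.append("no version resource")
    if any(marker in path for marker in PROFILE_MARKERS):
        reasons.append("runs from user profile or temp")
    if p.image in WINDOWS_NATIVE and "\\windows\\" not in path:
        reasons.append("Windows binary name outside the Windows directory")
    return reasons


def triage(text: str) -> dict:
    """Map entry index -> (image, reasons) for every flagged process."""
    return {p.index: (p.image, indicators(p))
            for p in parse_processes(text) if indicators(p)}


if __name__ == "__main__":
    for idx, (image, reasons) in sorted(triage(SAMPLE_LOG).items()):
        print(f"#:{idx} {image}: {'; '.join(reasons)}")
```

Run against the full log the output is a short review list rather than 52 entries to read by eye; the version-resource check is the weakest of the three (access-denied reads look the same as a stripped binary), so weight the path checks higher when deciding what to submit for a second opinion.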
panya
Hi jurgenv

You replied so quickly. I am downloading DrWeb and I will post the report to you soon.

Panya
panya
Hi jurgenv

DrWeb scanned quite long.

please read the report from DrWeb here:

g7732421.dll;C:\WINDOWS;Trojan.DownLoader.10744;Will be cured after reboot.;
winmmt32.dll;C:\WINDOWS\system32;Trojan.Mezzia;Will be cured after reboot.;
g407765.dll;C:\WINDOWS;Trojan.DownLoader.10744;Will be cured after reboot.;
g1627875.dll;C:\WINDOWS;Trojan.DownLoader.10744;Will be cured after reboot.;
g2900906.dll;C:\WINDOWS;Trojan.DownLoader.10744;Will be cured after reboot.;
g6496968.dll;C:\WINDOWS;Trojan.DownLoader.10744;Will be cured after reboot.;
g7732421.dll;C:\WINDOWS;Trojan.DownLoader.10744;Will be cured after reboot.;
winmmt32.dll;C:\WINDOWS\system32;Trojan.Mezzia;Will be cured after reboot.;
clci.exe;C:\WINDOWS\system32;Dialer.Mitrafa;Incurable.Moved.;
win3B4.tmp.exe;C:\WINDOWS\Temp;Trojan.DownLoader.10628;Deleted.;
win3B6.tmp.exe;C:\WINDOWS\Temp;Trojan.DownLoader.10628;Deleted.;
bgates[1].exe;C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\65SV45U3;Dialer.Silent;Deleted.;
srvcun[1].exe;C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\65SV45U3;Trojan.DownLoader.10628;Deleted.;
srvvtd[1].exe;C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\65SV45U3;Trojan.DownLoader.10628;Deleted.;
A0092709.exe;C:\System Volume Information\_restore{135253DC-7752-4F1A-8205-A71355F8D539}\RP140;Trojan.Popuper;Deleted.;
A0092750.dll;C:\System Volume Information\_restore{135253DC-7752-4F1A-8205-A71355F8D539}\RP140;Trojan.DownLoader.10744;Deleted.;
A0092751.exe;C:\System Volume Information\_restore{135253DC-7752-4F1A-8205-A71355F8D539}\RP140;Trojan.MulDrop.3839;Deleted.;
A0092752.exe;C:\System Volume Information\_restore{135253DC-7752-4F1A-8205-A71355F8D539}\RP140;Trojan.PurityAd;Deleted.;
A0092753.exe;C:\System Volume Information\_restore{135253DC-7752-4F1A-8205-A71355F8D539}\RP140;Adware.MediaTicket;Incurable.Moved.;
A0092757.exe\data001;C:\System Volume Information\_restore{135253DC-7752-4F1A-8205-A71355F8D539}\RP140\A0092757.exe;Trojan.Popuper;;
A0092757.exe;C:\System Volume Information\_restore{135253DC-7752-4F1A-8205-A71355F8D539}\RP140;Archive contains infected objects;Moved.;
A0092759.exe;C:\System Volume Information\_restore{135253DC-7752-4F1A-8205-A71355F8D539}\RP140;Trojan.Popuper;Deleted.;
A0093768.dll;C:\System Volume Information\_restore{135253DC-7752-4F1A-8205-A71355F8D539}\RP140;Trojan.DownLoader.10744;Deleted.;
A0093769.dll;C:\System Volume Information\_restore{135253DC-7752-4F1A-8205-A71355F8D539}\RP140;Trojan.DownLoader.10744;Deleted.;
A0093785.dll;C:\System Volume Information\_restore{135253DC-7752-4F1A-8205-A71355F8D539}\RP140;Trojan.Fakealert;Deleted.;
A0093810.exe;C:\System Volume Information\_restore{135253DC-7752-4F1A-8205-A71355F8D539}\RP141;Dialer.Mitrafa;Incurable.Moved.;
-----------------
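Added example, not from Dr.Web or from the post above: a Python parser and summary for the report format shown there. Each row is `name;directory;threat;action;`; a file found inside an archive is reported as `archive\member` with an empty action, because the disposition is recorded on the container's own row (the two `A0092757.exe` rows above). The summary separates what matters for follow-up: rows marked "Will be cured after reboot." are files that were in use when the scan ran, so they are the ones to confirm gone after the restart; rows under `System Volume Information` are System Restore copies rather than active files; rows under `Temporary Internet Files` are the downloaded payloads, not the running copy. The sample rows are copied from the report above; the location buckets and their names are my classification, not Dr.Web's. Note that the `g*.dll` names carry a different number each time they reappear (compare the later ewido report in this thread), so the after-reboot check should look for the pattern in `C:\WINDOWS`, not only the names listed.

```python
from collections import Counter
from dataclasses import dataclass

# Rows in the Dr.Web report format used in the post above, copied from that
# post (not a new scan). Format: name;directory;threat;action; with a member of
# an archive reported as archive\member and an empty action, because the
# disposition is recorded on the container's own row.
SAMPLE_REPORT = r"""
g7732421.dll;C:\WINDOWS;Trojan.DownLoader.10744;Will be cured after reboot.;
winmmt32.dll;C:\WINDOWS\system32;Trojan.Mezzia;Will be cured after reboot.;
g7732421.dll;C:\WINDOWS;Trojan.DownLoader.10744;Will be cured after reboot.;
clci.exe;C:\WINDOWS\system32;Dialer.Mitrafa;Incurable.Moved.;
win3B4.tmp.exe;C:\WINDOWS\Temp;Trojan.DownLoader.10628;Deleted.;
bgates[1].exe;C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\65SV45U3;Dialer.Silent;Deleted.;
A0092757.exe\data001;C:\System Volume Information\_restore{135253DC-7752-4F1A-8205-A71355F8D539}\RP140\A0092757.exe;Trojan.Popuper;;
A0092757.exe;C:\System Volume Information\_restore{135253DC-7752-4F1A-8205-A71355F8D539}\RP140;Archive contains infected objects;Moved.;
"""


@dataclass(frozen=True)
class Finding:
    name: str
    directory: str
    threat: str
    action: str

    @property
    def path(self) -> str:
        return self.directory.rstrip("\\") + "\\" + self.name

    @property
    def pending_reboot(self) -> bool:
        # The file was in use (typically still loaded), so the cure is deferred.
        return self.action.startswith("Will be cured after reboot")

    @property
    def location(self) -> str:
        """Coarse bucket (my classification, not Dr.Web's)."""
        d = self.directory.lower()
        if "system volume information" in d:
            return "restore point"          # System Restore copy, not an active file
        if "temporary internet files" in d:
            return "browser cache"          # downloaded payload, not the running copy
        if "\\temp" in d:
            return "temp"
        return "live system"


def parse_drweb(text: str) -> list:
    """Parse report rows, dropping exact duplicates (the report repeats some)."""
    seen, findings = set(), []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split(";")
        if len(parts) < 4:
            raise ValueError(f"unexpected row: {line!r}")
        f = Finding(*parts[:4])
        if f not in seen:
            seen.add(f)
            findings.append(f)
    return findings


def summarize(text: str) -> dict:
    findings = parse_drweb(text)
    return {
        "total": len(findings),
        "by_action": dict(Counter(f.action or "(inside archive)" for f in findings)),
        "by_location": dict(Counter(f.location for f in findings)),
        # The follow-up list: confirm these are gone after the restart.
        "verify_after_reboot": sorted(f.path for f in findings if f.pending_reboot),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

On the full report the "verify_after_reboot" list is the two `C:\WINDOWS\g*.dll` downloaders plus `winmmt32.dll` in `system32`, which is the set worth re-scanning in safe mode; the restore-point rows explain why helpers ask for System Restore to be flushed once the live system is clean.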
jurgenv
Can you scan again with ewido in safe mode and post me the report here of it with a new HijackThis log?
panya
Hi jurgenv

I think my computer doesn't have a virus anymore. Thank you very much for all of your help.

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 3:09:08 PM 7/10/2006

+ Scan result:



C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0092753.exe -> Adware.MediaTickets : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0093810.exe -> Downloader.Agent.apb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{135253DC-7752-4F1A-8205-A71355F8D539}\RP144\A0094853.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{135253DC-7752-4F1A-8205-A71355F8D539}\RP144\A0094855.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{135253DC-7752-4F1A-8205-A71355F8D539}\RP144\A0094856.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{135253DC-7752-4F1A-8205-A71355F8D539}\RP144\A0094857.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{135253DC-7752-4F1A-8205-A71355F8D539}\RP144\A0094858.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{135253DC-7752-4F1A-8205-A71355F8D539}\RP144\A0094873.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g12563953.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g13770640.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g8952359.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0092757.exe -> Downloader.Zlob.xj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{135253DC-7752-4F1A-8205-A71355F8D539}\RP139\A0092621.tlb -> Downloader.Zlob.xj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{135253DC-7752-4F1A-8205-A71355F8D539}\RP140\A0092713.tlb -> Downloader.Zlob.xj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{135253DC-7752-4F1A-8205-A71355F8D539}\RP140\A0092723.tlb -> Downloader.Zlob.xj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{135253DC-7752-4F1A-8205-A71355F8D539}\RP140\A0092735.tlb -> Downloader.Zlob.xj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{135253DC-7752-4F1A-8205-A71355F8D539}\RP140\A0092760.tlb -> Downloader.Zlob.xj : Cleaned with backup (quarantined).
:mozilla.6:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@microsoftwga.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@msntrademarketing.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@media.adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.43:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@com[1].txt -> TrackingCookie.Com : Cleaned.
:mozilla.45:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.49:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.50:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.51:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.52:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.46:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.53:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.54:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.63:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.66:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IN8DYROJ\bgates[1].exe -> Trojan.Dialer.pz : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\65SV45U3\srvcun[1].exe -> Trojan.Pakes : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\win3C5.tmp.exe -> Trojan.Pakes : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\win3C7.tmp.exe -> Trojan.Pakes : Cleaned with backup (quarantined).


::Report end


---------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 3:10:56 PM, on 7/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WsftpBrowserHelper Class - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2K0.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: 1-Click Answers - {7754C418-F62E-44aa-B169-E719E718BCFD} - C:\PROGRA~1\1-CLIC~1\IEToolbar\AnswersToolbarU.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [InternetCalls] "C:\Program Files\InternetCalls.com\InternetCalls\InternetCalls.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Ouoe] "C:\DOCUME~1\ADMINI~1\APPLIC~1\ICROSO~1.NET\ping.exe" -vt yax
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Magic Linker.lnk = C:\Program Files\Dict95\bin\MagicLnk.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = ?
O4 - Global Startup: 1-Click Answers.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Answers... - file:C:\Program Files\1-Click Answers\Html\atiemenu.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pagea...en/preview.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: ส่&งออกไปยัง Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.phuketgazette.net
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: cfgmngr32 - C:\WINDOWS\g14984406.dll (file missing)
O20 - Winlogon Notify: winmmt32 - winmmt32.dll (file missing)
O21 - SSODL: furnariidae - {89e4aaba-3b21-49b3-b922-8ca35193c68e} - C:\WINDOWS\system32\zlara.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: MySql - Unknown owner - C:\IBserver\mysql\bin\mysqld-opt.exe

--------------------------------------------------------
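As an added example (not part of the original thread or of the ewido product), the following Python snippet parses lines in the ewido report format shown above and sorts each detection into a location class. The point a practitioner cares about is which hits were live files versus dormant copies in System Restore points, the Dr.Web quarantine folder, browser caches or cookie stores: the restore-point copies are inert until a restore is performed, but they will come back if System Restore is not flushed, while the live `C:\WINDOWS\g*.dll` hits are the ones that matter for the running system. The sample lines are copied from the report above; the location classes and family grouping are this example's own heuristics.

```python
import re
from collections import Counter

# Constructed sample: a handful of lines copied from the ewido report posted above.
SAMPLE_REPORT = r"""
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0092753.exe -> Adware.MediaTickets : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{135253DC-7752-4F1A-8205-A71355F8D539}\RP144\A0094853.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g12563953.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
:mozilla.6:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IN8DYROJ\bgates[1].exe -> Trojan.Dialer.pz : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\win3C5.tmp.exe -> Trojan.Pakes : Cleaned with backup (quarantined).
"""

# One report line: "<path> -> <detection name> : <action>."
LINE_RE = re.compile(r'^(?P<path>.+?) -> (?P<detection>\S+) : (?P<action>.+)$')


def classify_location(path):
    """Heuristic location class (example's own rules, not ewido's)."""
    p = path.lower()
    if ':mozilla.' in p or '\\cookies\\' in p:
        return 'cookie'            # tracking cookies: privacy noise, not code
    if '\\system volume information\\' in p:
        return 'restore_point'     # dormant copy; returns if System Restore is used
    if '\\quarantine\\' in p:
        return 'quarantine'        # already isolated by another scanner (Dr.Web here)
    if '\\temporary internet files\\' in p or '\\temp\\' in p:
        return 'cache_or_temp'     # dropped payloads; shows what was downloaded
    return 'live'                  # anything else was sitting in a normal system path


def parse_report(text):
    """Parse report lines into dicts with path, detection, action and location."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d['location'] = classify_location(d['path'])
            entries.append(d)
    return entries


def summarize(entries):
    """Return (hits per location class, malware families excluding cookies, live hits)."""
    by_loc = Counter(e['location'] for e in entries)
    families = Counter(e['detection'].split('.')[0]
                       for e in entries if e['location'] != 'cookie')
    live = [e for e in entries if e['location'] == 'live']
    return by_loc, families, live


if __name__ == '__main__':
    by_loc, families, live = summarize(parse_report(SAMPLE_REPORT))
    print('by location:', dict(by_loc))
    print('families:', dict(families))
    for e in live:
        print('LIVE:', e['path'], e['detection'])
```

Run against the full report and the "live" list is the part to follow up on; a long "restore_point" list is the cue to disable and re-enable System Restore once the machine is clean so that the infected restore points are discarded.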
jurgenv
* Please open hijackthis and put a check next to the following:

O4 - HKCU\..\Run: [Ouoe] "C:\DOCUME~1\ADMINI~1\APPLIC~1\ICROSO~1.NET\ping.exe" -vt yax
O15 - Trusted Zone: http://www.phuketgazette.net
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O20 - Winlogon Notify: cfgmngr32 - C:\WINDOWS\g14984406.dll (file missing)
O20 - Winlogon Notify: winmmt32 - winmmt32.dll (file missing)
O21 - SSODL: furnariidae - {89e4aaba-3b21-49b3-b922-8ca35193c68e} - C:\WINDOWS\system32\zlara.dll (file missing)


* After you check the items you want to fix, close all browsers and windows, except for HijackThis, then click on the Fix Checked button on HijackThis.

* Now, post a new hijackthis log here.
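As an added example (not part of the original thread, and not HijackThis code), the following Python script encodes the triage rules behind the six items jurgenv picked out above and runs them over a few lines copied from the posted log, plus some benign lines that should pass: O20 Winlogon Notify and O21 SSODL entries whose DLL is "(file missing)" are dangling persistence left behind after the files were removed; any O15 Trusted Zone addition is worth a look because the Trusted Zone relaxes ActiveX and scripting restrictions; an O16 ActiveX download from a host outside a small allowlist; and an O4 Run entry whose executable lives in a user profile directory, where installed software rarely puts its startup binaries. The host allowlist and the profile-directory heuristic are assumptions of this example, not rules from the page.

```python
import re
from urllib.parse import urlparse

# Constructed sample: lines copied from the HijackThis log posted above plus a few
# benign entries, so the triage can be exercised offline. Not a complete log.
SAMPLE_LOG = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Ouoe] "C:\DOCUME~1\ADMINI~1\APPLIC~1\ICROSO~1.NET\ping.exe" -vt yax
O15 - Trusted Zone: http://www.phuketgazette.net
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: cfgmngr32 - C:\WINDOWS\g14984406.dll (file missing)
O20 - Winlogon Notify: winmmt32 - winmmt32.dll (file missing)
O21 - SSODL: furnariidae - {89e4aaba-3b21-49b3-b922-8ca35193c68e} - C:\WINDOWS\system32\zlara.dll (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (file missing)
"""

# Hosts whose O16 ActiveX downloads are treated as expected (assumption; tune per site).
TRUSTED_DPF_HOSTS = ("microsoft.com", "windowsupdate.com", "macromedia.com")

O4_RE = re.compile(r'^O4 - (?P<hive>.+?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
O16_RE = re.compile(r'^O16 - DPF: (?P<clsid>\{[^}]+\}) - (?P<url>\S+)')


def _host_trusted(url):
    host = (urlparse(url).hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in TRUSTED_DPF_HOSTS)


def triage_line(line):
    """Return a reason string if the line deserves review, else None."""
    line = line.strip()
    if not line:
        return None
    section = line.split(" - ", 1)[0]          # e.g. "O4", "O20"
    # Rule 1: logon-time persistence whose DLL is gone. Only O20/O21 count here;
    # an O23 service with "(file missing)" (aspnet_state above) is a different case.
    if section in ("O20", "O21") and line.endswith("(file missing)"):
        return "dangling Winlogon Notify / SSODL entry pointing at a deleted DLL"
    # Rule 2: any site in the IE Trusted Zone gets relaxed ActiveX/scripting rules.
    if section == "O15":
        return "site added to IE Trusted Zone"
    # Rule 3: ActiveX control fetched from a host outside the allowlist.
    m = O16_RE.match(line)
    if m and not _host_trusted(m.group("url")):
        return "ActiveX control downloaded from an untrusted host"
    # Rule 4 (heuristic): Run entries launched from a user profile directory.
    m = O4_RE.match(line)
    if m:
        cmd = m.group("cmd").upper()
        if "\\DOCUME~1\\" in cmd or "\\DOCUMENTS AND SETTINGS\\" in cmd:
            return "startup entry running from a user profile directory"
    return None


def triage_log(text):
    """Return [(line, reason)] for every flagged line, in log order."""
    flagged = []
    for ln in text.splitlines():
        reason = triage_line(ln)
        if reason:
            flagged.append((ln.strip(), reason))
    return flagged


if __name__ == "__main__":
    for line, reason in triage_log(SAMPLE_LOG):
        print(f"{reason}:\n    {line}")
```

On the sample, exactly the six lines jurgenv listed are flagged and the Google BHO, ewido, CTFMON, ms-help and aspnet_state entries pass. The heuristics are deliberately narrow; a real review still reads the whole log, since a well-named binary in Program Files would not trip any of these rules.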
panya
Hi,

Please can you help me review the log file from HijackThis again. This time I didn't do it in safe mode. Do you want me to scan in safe mode as well?

Logfile of HijackThis v1.99.1
Scan saved at 11:19:35 PM, on 7/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\Program Files\Dict95\bin\MagicLnk.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\1-Click Answers\answers.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\1-Click Answers\agtserv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WsftpBrowserHelper Class - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2K0.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: 1-Click Answers - {7754C418-F62E-44aa-B169-E719E718BCFD} - C:\PROGRA~1\1-CLIC~1\IEToolbar\AnswersToolbarU.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [InternetCalls] "C:\Program Files\InternetCalls.com\InternetCalls\InternetCalls.exe" -nosplash -minimized
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Magic Linker.lnk = C:\Program Files\Dict95\bin\MagicLnk.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = ?
O4 - Global Startup: 1-Click Answers.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Answers... - file:C:\Program Files\1-Click Answers\Html\atiemenu.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pagea...en/preview.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: ส่&งออกไปยัง Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: MySql - Unknown owner - C:\IBserver\mysql\bin\mysqld-opt.exe
jurgenv
Looking good, how is everything working?
panya
It is working well. Looks like all the viruses are gone. However, I think my computer is quite slow when I turn it on; I will probably have to remove some programs.

Thank you very much for your help cleaning all the viruses.
jurgenv
Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we at Lavasoftsupport are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

5) Finally, consider maintaining a firewall. Some good free firewalls are ZoneAlarm, Kerio, or Outpost.
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

Hopefully this should take care of your problems! Good luck.
panya
Thank you very much. I will be more careful when downloading stuff from the internet.
LS CalamityJane
Thank you for your help, jurgenv.

Since the issues in this topic appear to be resolved, I'll move this topic to the Archives (read only).

For the Original Poster, if you should need it reopened for any reason, please PM one of the Moderators.