svajunas Posted December 21, 2007 ID:11111 Share Posted December 21, 2007 I got this adware.virtumonde.application how to destroy this virus ?? what it does to my computer pls help B)Logfile of Trend Micro HijackThis v2.0.2Scan saved at 17:48:37, on 2007.12.21Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\SYSTEM32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\mHotkey.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\Program Files\PowerISO\PWRISOVM.EXEC:\WINDOWS\system32\RunDLL32.exeC:\Program Files\FarStone\VDPPro\VHD\RDTask.exeC:\Program Files\FarStone\VDPPro\dvdcreator\DVDCTrayIconShl.exeC:\Program Files\FarStone\VDPPro\VDP\vdtask.exeC:\Program Files\Eset\nod32kui.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\Skype\Phone\Skype.exeC:\Program Files\MSN Messenger\MsnMsgr.ExeC:\Program Files\DAEMON Tools\daemon.exeC:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exeC:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exeC:\Program Files\Eset\nod32krn.exeC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\VIA\RAID\raid_tool.exeC:\WINDOWS\System32\PAStiSvc.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exeC:\Program Files\Skype\Plugin Manager\skypePM.exeC:\WINDOWS\system32\wuauclt.exeD:\nfs2\speed2.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL (file missing)R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLLO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO3 - Toolbar: Burn4Free Toolbar - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dllO4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWndO4 - HKLM\..\Run: [CHotkey] mHotkey.exeO4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startupO4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -startO4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\3.bin\MWSBAR.DLL,SO4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXEO4 - HKLM\..\Run: [NetworkMechanic] C:\Program Files\Network Mechanic\NetworkMechanic.exe /startupO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startupO4 - HKLM\..\Run: [DC6_check] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\dc6_startupmon.exe"O4 - HKLM\..\Run: [ERS_check] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\ers_startupmon.exe"O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exeO4 - HKLM\..\Run: [RAMDrive] "C:\Program Files\FarStone\VDPPro\VHD\RDTask.exe"O4 - HKLM\..\Run: [DVDCTray] C:\Program Files\FarStone\VDPPro\dvdcreator\DVDCTrayIconShl.exeO4 - HKLM\..\Run: [VirtualDrive] C:\Program Files\FarStone\VDPPro\VDP\vdtask.exe /AutoRestoreO4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICEO4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exeO4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimizedO4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /backgroundO4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silentO4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exeO4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeO4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exeO8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZNfox000O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dllO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exeO23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exeO23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe--End of file - 7676 bytes Link to post Share on other sites More sharing options...
JeanInMontana Posted December 22, 2007 ID:11124 Share Posted December 22, 2007 Hi there svajunas, and welcome to Malwarebytes.If you haven't already, please get these programs, update and run a complete scan removing all items found.Spybot Search & Destroy Be sure to use the immunize feature. But do not enable TeaTimer at this time. Use the tutorial feature in the help tab to see how to go about this.AVG AntiSpyware Be sure to "take action"Then go here and run a scan PandaActive Scan There is a full tutorial on how to to this at the top of this forum.Post the logs from the Panda and AVG scans please, along with a log from this program HiJack This! You will post three logs. 1. AVG scan. 2. Panda Active Scan. 3. HiJack This scan. You will finish the AVG first so go ahead and post that log, then move on to Panda and so forth.I will analyze the logs and give you further instructions. Be patient and persistent. These things can take time and many procedures. Link to post Share on other sites More sharing options...
svajunas Posted December 28, 2007 Author ID:11298 Share Posted December 28, 2007 I found a lot entries with spy bot should I delete them all?? Link to post Share on other sites More sharing options...
svajunas Posted December 28, 2007 Author ID:11299 Share Posted December 28, 2007 ---------------------------------------------------------AVG Anti-Spyware - Scan Report--------------------------------------------------------- + Created at: 20:19:55 2007.12.28 + Scan result: C:\Program Files\Common Files\Companion Wizard\WapCHK.dll -> Adware.Companion : Ignored.C:\System Volume Information\_restore{FFDDF4EF-7B69-4C24-9CE8-0452B0D97693}\RP343\A0417920.dll -> Adware.Companion : Ignored.HKLM\SOFTWARE\Clickspring -> Adware.PurityScan : Ignored.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveNow -> Adware.SaveNow : Ignored.D:\System Volume Information\_restore{866E244E-940A-43E8-94FC-3A803454B152}\RP233\A0267876.EXE -> Backdoor.Hupigon.kg : Ignored.C:\Documents and Settings\Virgis\Desktop\Unused Desktop Shortcuts\roc_tft_cdkey_generators\w3-TFT-cdkey-generator.exe -> Dropper.PT : Ignored.:mozilla.100:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.2o7 : Ignored.:mozilla.101:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.2o7 : Ignored.:mozilla.102:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.2o7 : Ignored.:mozilla.103:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.2o7 : Ignored.:mozilla.104:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.2o7 : Ignored.:mozilla.105:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.2o7 : Ignored.:mozilla.106:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.2o7 : Ignored.:mozilla.107:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.2o7 : Ignored.:mozilla.108:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.2o7 : Ignored.:mozilla.109:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.2o7 : Ignored.:mozilla.110:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.2o7 : Ignored.:mozilla.111:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.2o7 : Ignored.:mozilla.112:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.2o7 : Ignored.:mozilla.113:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.2o7 : Ignored.:mozilla.114:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.2o7 : Ignored.:mozilla.71:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.2o7 : Ignored.:mozilla.72:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.2o7 : Ignored.:mozilla.73:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.2o7 : Ignored.:mozilla.74:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.2o7 : Ignored.:mozilla.75:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.2o7 : Ignored.:mozilla.76:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.2o7 : Ignored.:mozilla.77:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.2o7 : Ignored.:mozilla.78:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.2o7 : Ignored.:mozilla.79:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.2o7 : Ignored.:mozilla.80:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.2o7 : Ignored.:mozilla.81:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.2o7 : Ignored.:mozilla.82:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.2o7 : Ignored.:mozilla.83:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.2o7 : Ignored.:mozilla.848:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.2o7 : Ignored.:mozilla.84:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.2o7 : Ignored.:mozilla.85:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.2o7 : Ignored.:mozilla.86:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.2o7 : Ignored.:mozilla.87:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.2o7 : Ignored.:mozilla.887:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.2o7 : Ignored.:mozilla.88:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.2o7 : Ignored.:mozilla.89:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.2o7 : Ignored.:mozilla.90:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.2o7 : Ignored.:mozilla.91:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.2o7 : Ignored.:mozilla.92:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.2o7 : Ignored.:mozilla.93:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.2o7 : Ignored.:mozilla.94:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.2o7 : Ignored.:mozilla.95:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.2o7 : Ignored.:mozilla.96:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.2o7 : Ignored.:mozilla.97:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.2o7 : Ignored.:mozilla.98:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.2o7 : Ignored.:mozilla.99:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.2o7 : Ignored.C:\Documents and Settings\Virgis\Cookies\virgis@2o7[1].txt -> TrackingCookie.2o7 : Ignored.C:\Documents and Settings\Virgis\Cookies\virgis@drugstore.112.2o7[1].txt -> TrackingCookie.2o7 : Ignored.C:\Documents and Settings\Virgis\Cookies\virgis@ice.112.2o7[1].txt -> TrackingCookie.2o7 : Ignored.C:\Documents and Settings\Virgis\Cookies\virgis@metacafe.122.2o7[1].txt -> TrackingCookie.2o7 : Ignored.C:\Documents and Settings\Virgis\Cookies\virgis@microsoftwga.112.2o7[1].txt -> TrackingCookie.2o7 : Ignored.C:\Documents and Settings\Virgis\Cookies\virgis@pandasoftware.112.2o7[1].txt -> TrackingCookie.2o7 : Ignored.:mozilla.142:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Adbrite : Ignored.:mozilla.143:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Adbrite : Ignored.:mozilla.144:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Adbrite : Ignored.:mozilla.674:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Adbrite : Ignored.:mozilla.675:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Adbrite : Ignored.C:\Documents and Settings\Virgis\Cookies\virgis@adbrite[2].txt -> TrackingCookie.Adbrite : Ignored.C:\Documents and Settings\Virgis\Cookies\virgis@ads.adbrite[1].txt -> TrackingCookie.Adbrite : Ignored.:mozilla.494:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Adrevolver : Ignored.:mozilla.495:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Adrevolver : Ignored.:mozilla.496:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Adrevolver : Ignored.:mozilla.497:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Adrevolver : Ignored.:mozilla.498:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Adrevolver : Ignored.:mozilla.499:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Adrevolver : Ignored.:mozilla.500:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Adrevolver : Ignored.:mozilla.501:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Adrevolver : Ignored.:mozilla.566:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Adtech : Ignored.:mozilla.568:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Adtech : Ignored.:mozilla.254:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Advertising : Ignored.:mozilla.255:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Advertising : Ignored.:mozilla.257:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Advertising : Ignored.:mozilla.258:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Advertising : Ignored.:mozilla.260:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Advertising : Ignored.:mozilla.432:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Atdmt : Ignored.:mozilla.240:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Burstnet : Ignored.:mozilla.242:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Burstnet : Ignored.:mozilla.243:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Burstnet : Ignored.:mozilla.572:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Casalemedia : Ignored.:mozilla.573:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Casalemedia : Ignored.:mozilla.574:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Casalemedia : Ignored.:mozilla.575:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Casalemedia : Ignored.:mozilla.576:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Casalemedia : Ignored.:mozilla.577:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Casalemedia : Ignored.:mozilla.578:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Casalemedia : Ignored.:mozilla.579:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Casalemedia : Ignored.:mozilla.580:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Casalemedia : Ignored.:mozilla.581:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Casalemedia : Ignored.:mozilla.582:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Casalemedia : Ignored.:mozilla.697:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Clickbank : Ignored.:mozilla.927:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Clickhype : Ignored.:mozilla.766:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Clickzs : Ignored.:mozilla.767:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Clickzs : Ignored.:mozilla.772:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Clickzs : Ignored.:mozilla.773:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Clickzs : Ignored.:mozilla.720:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Cqcounter : Ignored.:mozilla.123:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Doubleclick : Ignored.:mozilla.280:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Estat : Ignored.:mozilla.467:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Euroclick : Ignored.:mozilla.468:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Euroclick : Ignored.:mozilla.259:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Fastclick : Ignored.:mozilla.261:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Fastclick : Ignored.:mozilla.262:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Fastclick : Ignored.:mozilla.265:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Fastclick : Ignored.:mozilla.231:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Gamershell : Ignored.:mozilla.232:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Gamershell : Ignored.:mozilla.233:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Gamershell : Ignored.:mozilla.234:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Gamershell : Ignored.:mozilla.860:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Googleadservices : Ignored.:mozilla.906:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Googleadservices : Ignored.:mozilla.943:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Googleadservices : Ignored.:mozilla.214:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Hitbox : Ignored.:mozilla.215:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Hitbox : Ignored.:mozilla.216:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Hitbox : Ignored.:mozilla.236:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Hitbox : Ignored.:mozilla.237:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Hitbox : Ignored.:mozilla.900:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Hitbox : Ignored.:mozilla.901:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Hitbox : Ignored.:mozilla.902:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Hitbox : Ignored.:mozilla.903:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Hitbox : Ignored.:mozilla.648:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Hotlog : Ignored.:mozilla.168:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Imrworldwide : Ignored.:mozilla.169:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Imrworldwide : Ignored.:mozilla.662:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Information : Ignored.:mozilla.171:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Ivwbox : Ignored.C:\Documents and Settings\Virgis\Cookies\virgis@image.masterstats[1].txt -> TrackingCookie.Masterstats : Ignored.C:\Documents and Settings\Virgis\Cookies\virgis@ie.search.msn[2].txt -> TrackingCookie.Msn : Ignored.:mozilla.817:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Onestat : Ignored.:mozilla.820:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Onestat : Ignored.C:\Documents and Settings\Virgis\Cookies\virgis@stat.onestat[1].txt -> TrackingCookie.Onestat : Ignored.:mozilla.618:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Overture : Ignored.:mozilla.437:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Pointroll : Ignored.:mozilla.438:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Pointroll : Ignored.:mozilla.439:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Pointroll : Ignored.:mozilla.440:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Pointroll : Ignored.:mozilla.441:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Pointroll : Ignored.:mozilla.442:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Pointroll : Ignored.:mozilla.443:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Pointroll : Ignored.:mozilla.373:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Questionmarket : Ignored.:mozilla.374:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Questionmarket : Ignored.:mozilla.661:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Revenue : Ignored.:mozilla.312:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Revsci : Ignored.:mozilla.313:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Revsci : Ignored.:mozilla.314:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Revsci : Ignored.:mozilla.315:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Revsci : Ignored.:mozilla.316:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Revsci : Ignored.:mozilla.317:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Revsci : Ignored.:mozilla.318:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Revsci : Ignored.:mozilla.319:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Revsci : Ignored.:mozilla.320:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Revsci : Ignored.:mozilla.321:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Revsci : Ignored.:mozilla.537:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Ru4 : Ignored.:mozilla.538:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Ru4 : Ignored.:mozilla.539:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Ru4 : Ignored.:mozilla.125:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Safer-networking : Ignored.:mozilla.158:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Serving-sys : Ignored.:mozilla.159:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Serving-sys : Ignored.:mozilla.160:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Serving-sys : Ignored.:mozilla.161:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Serving-sys : Ignored.:mozilla.162:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Serving-sys : Ignored.:mozilla.163:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Serving-sys : Ignored.:mozilla.164:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Serving-sys : Ignored.C:\Documents and Settings\Virgis\Cookies\virgis@site.skype[1].txt -> TrackingCookie.Skype : Ignored.C:\Documents and Settings\Virgis\Cookies\virgis@skype[1].txt -> TrackingCookie.Skype : Ignored.:mozilla.629:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Spylog : Ignored.:mozilla.379:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Statcounter : Ignored.:mozilla.380:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Statcounter : Ignored.:mozilla.384:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Statcounter : Ignored.:mozilla.385:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Statcounter : Ignored.:mozilla.386:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Statcounter : Ignored.:mozilla.387:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Statcounter : Ignored.:mozilla.388:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Statcounter : Ignored.:mozilla.389:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Statcounter : Ignored.:mozilla.390:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Statcounter : Ignored.:mozilla.391:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Statcounter : Ignored.:mozilla.392:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Statcounter : Ignored.:mozilla.393:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Statcounter : Ignored.:mozilla.394:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Statcounter : Ignored.:mozilla.395:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Statcounter : Ignored.:mozilla.396:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Statcounter : Ignored.:mozilla.397:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Statcounter : Ignored.:mozilla.398:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Statcounter : Ignored.:mozilla.399:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Statcounter : Ignored.:mozilla.400:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Statcounter : Ignored.:mozilla.401:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Statcounter : Ignored.:mozilla.402:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Statcounter : Ignored.:mozilla.403:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Statcounter : Ignored.:mozilla.404:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Statcounter : Ignored.:mozilla.405:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Statcounter : Ignored.:mozilla.406:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Statcounter : Ignored.:mozilla.407:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Statcounter : Ignored.:mozilla.408:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Statcounter : Ignored.:mozilla.409:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Statcounter : Ignored.:mozilla.410:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Statcounter : Ignored.:mozilla.411:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Statcounter : Ignored.:mozilla.412:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Statcounter : Ignored.:mozilla.413:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Statcounter : Ignored.:mozilla.414:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Statcounter : Ignored.:mozilla.415:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Statcounter : Ignored.:mozilla.416:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Statcounter : Ignored.:mozilla.417:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Statcounter : Ignored.:mozilla.418:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Statcounter : Ignored.:mozilla.419:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Statcounter : Ignored.:mozilla.420:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Statcounter : Ignored.:mozilla.421:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Statcounter : Ignored.:mozilla.422:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Statcounter : Ignored.:mozilla.423:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Statcounter : Ignored.:mozilla.424:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Statcounter : Ignored.:mozilla.425:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Statcounter : Ignored.:mozilla.426:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Statcounter : Ignored.:mozilla.427:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Statcounter : Ignored.:mozilla.428:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Statcounter : Ignored.:mozilla.429:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Statcounter : Ignored.:mozilla.430:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Statcounter : Ignored.:mozilla.431:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Statcounter : Ignored.:mozilla.27:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Statistik-gallup : Ignored.C:\Documents and Settings\Virgis\Cookies\virgis@statistik-gallup[1].txt -> TrackingCookie.Statistik-gallup : Ignored.:mozilla.238:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Tacoda : Ignored.:mozilla.239:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Tacoda : Ignored.:mozilla.241:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Tacoda : Ignored.C:\Documents and Settings\Virgis\Cookies\virgis@tacoda[2].txt -> TrackingCookie.Tacoda : Ignored.:mozilla.40:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Tradedoubler : Ignored.:mozilla.41:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Tradedoubler : Ignored.:mozilla.42:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Tradedoubler : Ignored.:mozilla.43:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Tradedoubler : Ignored.:mozilla.44:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Tradedoubler : Ignored.:mozilla.204:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Tribalfusion : Ignored.:mozilla.684:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Weborama : Ignored.C:\Documents and Settings\Virgis\Cookies\virgis@weborama[1].txt -> TrackingCookie.Weborama : Ignored.:mozilla.533:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Webtrends : Ignored.C:\Documents and Settings\Virgis\Cookies\virgis@m.webtrends[1].txt -> TrackingCookie.Webtrends : Ignored.:mozilla.198:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Webtrendslive : Ignored.:mozilla.272:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Yadro : Ignored.:mozilla.145:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored.:mozilla.146:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored.:mozilla.147:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored.:mozilla.148:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored.:mozilla.149:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored.:mozilla.150:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored.:mozilla.151:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored.:mozilla.598:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Zedo : Ignored.:mozilla.599:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Zedo : Ignored.:mozilla.600:C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt -> TrackingCookie.Zedo : Ignored.C:\System Volume Information\_restore{FFDDF4EF-7B69-4C24-9CE8-0452B0D97693}\RP343\A0417914.dll -> Trojan.Keylog : Ignored.::Report endpanda scanIncident Status Location Virus:Generic Malware Disinfected C:\Documents and Settings\Virgis\Application Data\Macromedia\Shockwave Player\xtras\download\TheGrooveAlliance\3DGrooveXtrav181\Groove.x32 Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt[.doubleclick.net/] Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt[.com.com/] Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt[ad.yieldmanager.com/] Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt[.bs.serving-sys.com/] Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt[.serving-sys.com/] Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt[fe.lea.lycos.de/] Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt[.tradedoubler.com/] Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt[statse.webtrendslive.com/] Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt[.tribalfusion.com/] Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt[.azjmp.com/] Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt[.burstnet.com/] Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt[.fastclick.net/] Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt[.advertising.com/] Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt[.fastclick.net/] Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt[.advertising.com/] Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt[.fastclick.net/] Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt[.yadro.ru/] Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt[.xiti.com/] Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt[.questionmarket.com/] Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt[.statcounter.com/] Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt[.atdmt.com/] Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt[.ads.pointroll.com/] Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt[.adrevolver.com/] Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt[.adtech.de/] Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt[.apmebf.com/] Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt[.casalemedia.com/] Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt[.zedo.com/] Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt[.overture.com/] Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt[.spylog.com/] Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt[.hotlog.ru/] Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt[.toplist.cz/] Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt[.revenue.net/] Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt[searchportal.information.com/] Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt[.weborama.fr/] Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt[.clickbank.net/] Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt[.adserver.easyad.info/] Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt[stat.onestat.com/] Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt[.go.com/] Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Virgis\Application Data\Mozilla\Firefox\Profiles\dvx9937x.default\cookies.txt[.ehg-dig.hitbox.com/] Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Virgis\Cookies\virgis@stat.onestat[1].txt Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\Virgis\Cookies\virgis@weborama[1].txt Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Virgis\Cookies\virgis@xiti[1].txt Virus:Generic Malware Disinfected C:\Documents and Settings\Virgis\Local Settings\Temp\NI.UWA6P_0001_N91M1807\setup.exe Adware:Adware/WinAntivirus2006 Not disinfected C:\Program Files\Common Files\Companion Wizard\compwiz.exe Potentially unwanted tool:Application/WinFixer2006 Not disinfected C:\Program Files\Common Files\Companion Wizard\WapCHK.dll Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\3.bin\F3HTMLMU.DLL Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL Adware:Adware/SaveNow Not disinfected C:\Program Files\Save\ACM.dll Adware:Adware/SaveNow Not disinfected C:\Program Files\Save\ffext.mod Adware:Adware/SaveNow Not disinfected C:\Program Files\Save\Save.exe Adware:Adware/SaveNow Not disinfected C:\Program Files\Save\SaveUninst.exe Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\akklphtx.dll Virus:Trj/Dropper.WF Disinfected D:\JUstes\Kaip taupyti elektra.exe Virus:Generic Trojan Disinfected D:\nfs2\gghz-nfsu2_tr.exe Virus:Generic Trojan Disinfected D:\nfs2\nfsu2_trn.exe Logfile of Trend Micro HijackThis v2.0.2Scan saved at 20:27:15, on 2007.12.28Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\SYSTEM32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\mHotkey.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\Program Files\PowerISO\PWRISOVM.EXEC:\WINDOWS\system32\RunDLL32.exeC:\Program Files\FarStone\VDPPro\VHD\RDTask.exeC:\Program Files\FarStone\VDPPro\dvdcreator\DVDCTrayIconShl.exeC:\Program Files\FarStone\VDPPro\VDP\vdtask.exeC:\Program Files\Eset\nod32kui.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\Program Files\DAEMON Tools\daemon.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\MSN Messenger\MsnMsgr.ExeC:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\VIA\RAID\raid_tool.exeC:\Program Files\Eset\nod32krn.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\System32\PAStiSvc.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exeC:\WINDOWS\system32\wuauclt.exeC:\WINDOWS\explorer.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Skype\Phone\Skype.exeC:\Program Files\Skype\Plugin Manager\skypePM.exeC:\WINDOWS\system32\NOTEPAD.EXEC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO3 - Toolbar: Burn4Free Toolbar - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dllO4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWndO4 - HKLM\..\Run: [CHotkey] mHotkey.exeO4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startupO4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -startO4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\3.bin\MWSBAR.DLL,SO4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXEO4 - HKLM\..\Run: [NetworkMechanic] C:\Program Files\Network Mechanic\NetworkMechanic.exe /startupO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startupO4 - HKLM\..\Run: [DC6_check] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\dc6_startupmon.exe"O4 - HKLM\..\Run: [ERS_check] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\ers_startupmon.exe"O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exeO4 - HKLM\..\Run: [RAMDrive] "C:\Program Files\FarStone\VDPPro\VHD\RDTask.exe"O4 - HKLM\..\Run: [DVDCTray] C:\Program Files\FarStone\VDPPro\dvdcreator\DVDCTrayIconShl.exeO4 - HKLM\..\Run: [VirtualDrive] C:\Program Files\FarStone\VDPPro\VDP\vdtask.exe /AutoRestoreO4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICEO4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exeO4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033O4 - HKLM\..\Run: [7853c498] rundll32.exe "C:\WINDOWS\system32\lfdkbekw.dll",bO4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimizedO4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimizedO4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /backgroundO4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silentO4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exeO4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeO4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exeO8 - Extra context menu item: &Search - ?p=ZNfox000O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dllO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cabO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exeO23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exeO23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exeO23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe--End of file - 8113 bytes Link to post Share on other sites More sharing options...
JeanInMontana Posted December 28, 2007 ID:11301 Share Posted December 28, 2007 Hi, yes you should remove all items found with all scanning programs I ask you to use. You have a badly infected system. Scan with SBS&D again and remove it all, also with AVG, take action. Panda removed several trojans, but you still have at least two infections for us to kill off.Please download VundoFix.exeto your desktop. http://www.atribune.org/ccount/click.php?id=4 * Double-click VundoFix.exe to run it. * Click the Scan for Vundo button. * Once it's done scanning, click the Remove Vundo button. * You will receive a prompt asking if you want to remove the files, click YES * Once you click yes, your desktop will go blank as it starts removing Vundo. * When completed, it will prompt that it will reboot your computer, click OK. * Please post the contents of C:\vundofix.txt.Note: It is possible that VundoFix encountered a file it could not remove.In this case, VundoFix will run on reboot, simply follow the aboveinstructions starting from "Click the Scan for Vundo button." whenVundoFix appears at reboot.Next we need to use this tool:Print or Copy these instructions to notepad and save to your Desktoop as you will be offline with all browsers closed for this fix. Download: Use this URL to download the latest version (the file contains both English and French versions): http://siri.urz.free.fr/Fix/SmitfraudFix.exe * Double-click SmitfraudFix.exe * Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt Clean: * Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually) * Double-click SmitfraudFix.exe * Select 2 and hit Enter to delete infect files. * You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection. * The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file. * A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt * Optional: o To restore Trusted and Restricted site zone, select 3 and hit Enter. o You will be prompted: Restore Trusted Zone ? answer Y (yes) and hit Enter to delete trusted zone.Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. http://www.beyondlogic.org/consulting/proc...processutil.htm You will post 3 logs Vundo, Smitfraud and a new HJT. Link to post Share on other sites More sharing options...
svajunas Posted December 29, 2007 Author ID:11315 Share Posted December 29, 2007 I cant delete some files with VundoFix even after restart and some files were deleted but after reboot it gives me a log that says some .dll unable to run Here is few samplesError loading C:\WINDOWS\system32\lfdkbekw.dllThe specified module could not be found.__________________________________________Error loading C:\PROGRA~1\MYWEBS~1\bar\3.bin\MWSBAR.DLLThe specified module could not be found. Link to post Share on other sites More sharing options...
JeanInMontana Posted December 29, 2007 ID:11319 Share Posted December 29, 2007 Those are both malware related. Please follow the instructions you were given, run the tools, post the logs. You don't need to do anything but follow prompts from the tools. Link to post Share on other sites More sharing options...
svajunas Posted December 29, 2007 Author ID:11322 Share Posted December 29, 2007 VundoFix V6.7.7Checking Java version...Java version is 1.5.0.6Old versions of java are exploitable and should be removed.Java version is 1.5.0.9Old versions of java are exploitable and should be removed.Scan started at 12:20:26 2007.12.29Listing files found while scanning....VundoFix V6.7.7Checking Java version...Java version is 1.5.0.6Old versions of java are exploitable and should be removed.Java version is 1.5.0.9Old versions of java are exploitable and should be removed.Scan started at 12:32:09 2007.12.29Listing files found while scanning....C:\WINDOWS\system32\akklphtx.dllC:\WINDOWS\system32\awtsrst.dllC:\WINDOWS\system32\hhhkj.iniC:\WINDOWS\system32\hhhkj.ini2C:\WINDOWS\system32\itkhhktb.dllC:\WINDOWS\system32\jkhhh.dllC:\WINDOWS\system32\khfghfg.dllC:\WINDOWS\system32\lfdkbekw.dllC:\WINDOWS\system32\pqlnokyt.dllC:\WINDOWS\system32\tkxhfchq.dllBeginning removal... Attempting to delete C:\WINDOWS\system32\akklphtx.dllC:\WINDOWS\system32\akklphtx.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\awtsrst.dllC:\WINDOWS\system32\awtsrst.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\hhhkj.iniC:\WINDOWS\system32\hhhkj.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\hhhkj.ini2C:\WINDOWS\system32\hhhkj.ini2 Has been deleted! Attempting to delete C:\WINDOWS\system32\itkhhktb.dllC:\WINDOWS\system32\itkhhktb.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\jkhhh.dllC:\WINDOWS\system32\jkhhh.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\khfghfg.dllC:\WINDOWS\system32\khfghfg.dll Could not be deleted. Attempting to delete C:\WINDOWS\system32\lfdkbekw.dllC:\WINDOWS\system32\lfdkbekw.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\pqlnokyt.dllC:\WINDOWS\system32\pqlnokyt.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\tkxhfchq.dllC:\WINDOWS\system32\tkxhfchq.dll Has been deleted!Performing Repairs to the registry.Done!Beginning removal... Attempting to delete C:\WINDOWS\system32\khfghfg.dllC:\WINDOWS\system32\khfghfg.dll Could not be deleted.Performing Repairs to the registry.Done!VundoFix V6.7.7Checking Java version...Java version is 1.5.0.6Old versions of java are exploitable and should be removed.Java version is 1.5.0.9Old versions of java are exploitable and should be removed.Scan started at 12:52:52 2007.12.29Listing files found while scanning....C:\WINDOWS\system32\gebyx.dllC:\WINDOWS\system32\khfghfg.dllC:\WINDOWS\system32\xybeg.iniC:\WINDOWS\system32\xybeg.ini2Beginning removal... Attempting to delete C:\WINDOWS\system32\gebyx.dllC:\WINDOWS\system32\gebyx.dll Could not be deleted. Attempting to delete C:\WINDOWS\system32\khfghfg.dllC:\WINDOWS\system32\khfghfg.dll Could not be deleted. Attempting to delete C:\WINDOWS\system32\xybeg.iniC:\WINDOWS\system32\xybeg.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\xybeg.ini2C:\WINDOWS\system32\xybeg.ini2 Has been deleted!Performing Repairs to the registry.Done!Beginning removal... Attempting to delete C:\WINDOWS\system32\gebyx.dllC:\WINDOWS\system32\gebyx.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\khfghfg.dllC:\WINDOWS\system32\khfghfg.dll Could not be deleted. Attempting to delete C:\WINDOWS\system32\xybeg.iniC:\WINDOWS\system32\xybeg.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\xybeg.ini2C:\WINDOWS\system32\xybeg.ini2 Has been deleted!Performing Repairs to the registry.Done!Beginning removal...SmitFraudFix v2.274Scan done at 23:19:24,25, 2007.12.29Run from C:\Documents and Settings\Virgis\Desktop\SmitfraudFixOS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode Link to post Share on other sites More sharing options...
JeanInMontana Posted December 29, 2007 ID:11324 Share Posted December 29, 2007 Ok good work. Still more to do. We have it on the run though. B)1. Download this file :http://download.bleepingcomputer.com/sUBs/combofix.exeOr from here:http://www.techsupportforum.com/sectools/combofix.exe2. Double click combofix.exe. It will be a red icon with a white X on your desktop. Follow the prompts you will get a blue cmd prompt screen and a choice to choose Y or N. Choose Y and hit enter.3. When finished, it shall produce a log for you. This logfile is located at C:\ComboFix.txt.Post that log and a HiJack log in your next replyNote:Do not mouseclick combofix's window while its running. That may cause it to stall.You are running an outdated and unsafe version of Java. You need to uninstall it via Add/Remove programs and delete the program file also. Then go here http://www.java.com/en/download/manual.jsp and install the correct version for your system. Choose the offline installation. Link to post Share on other sites More sharing options...
svajunas Posted December 30, 2007 Author ID:11328 Share Posted December 30, 2007 Start Time= 2007.12.30 12:41:47,84QuickScan did not find any signs of infected files(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))2007-12-30 11:03:58 3072 ( A.... ) "C:\Program Files\FarStone\VDPPro\FSCFL.Sys"2007-12-29 23:19:34 4544 ( A.... ) "C:\WINDOWS\system32\tmp.reg"2007-12-29 13:17:28 328192 ( A.... ) "C:\WINDOWS\system32\mlljj.dll"2007-12-28 15:18:12 ( .D... ) "C:\Documents and Settings\Virgis\Application Data\Grisoft"2007-12-28 15:17:30 ( .D... ) "C:\Program Files\Grisoft"2007-12-28 15:04:44 ( .D... ) "C:\Program Files\Spybot - Search & Destroy"2007-12-21 17:48:24 ( .D... ) "C:\Program Files\Trend Micro"2007-12-20 23:11:52 81920 ( A.... ) "C:\WINDOWS\system32\IEDFix.exe"2007-12-17 21:52:02 ( .D... ) "C:\Program Files\BFG"2007-12-17 18:35:44 ( .D... ) "C:\Documents and Settings\Virgis\Application Data\GameHouse"2007-12-17 17:43:48 37376 ( ..... ) "C:\WINDOWS\system32\khfghfg.dll"2007-12-11 16:13:18 ( .D... ) "C:\Documents and Settings\Virgis\Application Data\Hamachi"2007-12-11 16:05:42 ( .D... ) "C:\Program Files\Hamachi"2007-12-10 11:26:06 ( .D... ) "C:\Documents and Settings\Virgis\Application Data\EleFun Games"2007-12-10 11:22:14 ( .D... ) "C:\Program Files\bfgclient"2007-12-09 00:18:10 ( .D... ) "C:\Documents and Settings\Virgis\Application Data\Leadertech"2007-12-09 00:18:06 ( .D... ) "C:\Program Files\Common Files\PocketSoft"2007-12-08 23:31:14 ( .D... ) "C:\Documents and Settings\Virgis\Application Data\Atari"2007-12-02 15:00:06 18684536 ( A.... ) "C:\WINDOWS\system32\MRT.exe"2007-12-01 11:16:14 98304 ( A.... ) "C:\WINDOWS\system32\CmdLineExt.dll"2007-11-26 20:44:52 ( .D... ) "C:\Documents and Settings\Virgis\Application Data\mIRC"2007-11-26 20:44:50 ( .D... ) "C:\Program Files\mIRC"2007-11-22 19:45:32 43520 ( A.... ) "C:\WINDOWS\system32\CmdLineExt03.dll"2007-11-22 19:04:26 21840 ( A.... ) "C:\WINDOWS\system32\SIntfNT.dll"2007-11-22 19:04:26 17212 ( A.... ) "C:\WINDOWS\system32\SIntf32.dll"2007-11-22 19:04:26 12067 ( A.... ) "C:\WINDOWS\system32\SIntf16.dll"2007-11-20 15:52:48 ( .D... ) "C:\Program Files\uTorrent"2007-11-20 15:52:22 ( .D... ) "C:\Documents and Settings\Virgis\Application Data\uTorrent"2007-11-16 17:06:48 ( .D... ) "C:\Program Files\Common Files\Download Manager"2007-11-16 17:01:36 229728 ( A.... ) "C:\WINDOWS\Burn4Free_Toolbar_Uninstaller_2546.exe"2007-11-16 17:01:34 ( .D... ) "C:\Program Files\Burn4Free Toolbar"2007-11-15 20:33:40 98304 ( A.... ) "C:\WINDOWS\system32CmdLineExt.dll"2007-11-15 20:27:24 ( .D... ) "C:\Program Files\PlayLinc"2007-11-15 20:11:36 ( .D... ) "C:\Program Files\Steam"2007-11-14 09:26:56 450560 ( A.... ) "C:\WINDOWS\system32\jscript.dll"2007-11-13 13:31:12 60416 ( A.... ) "C:\WINDOWS\system32\tzchange.exe"2007-11-04 21:02:08 ( .D... ) "C:\Program Files\AV Vcs 6.0 DIAMOND"2007-11-03 22:35:00 ( .D... ) "C:\Program Files\Ocean Technology"2007-11-02 16:06:38 ( .D... ) "C:\Program Files\Evisoft"2007-10-30 11:55:22 3065856 ( A.... ) "C:\WINDOWS\system32\mshtml.dll"2007-10-30 00:43:04 1287680 ( A.... ) "C:\WINDOWS\system32\quartz.dll"2007-10-29 12:04:04 350720 ( A.... ) "C:\WINDOWS\system32\xpsp3res.dll"2007-10-27 17:40:30 222720 ( A.... ) "C:\WINDOWS\system32\wmasf.dll"2007-10-26 05:34:02 8460288 ( A.... ) "C:\WINDOWS\system32\shell32.dll"2007-10-11 07:57:42 666112 ( A.... ) "C:\WINDOWS\system32\wininet.dll"2007-10-11 07:57:40 1498112 ( A.... ) "C:\WINDOWS\system32\shdocvw.dll"2007-10-11 07:57:40 617984 ( A.... ) "C:\WINDOWS\system32\urlmon.dll"2007-10-11 07:57:40 474112 ( A.... ) "C:\WINDOWS\system32\shlwapi.dll"2007-10-11 07:57:38 532480 ( A.... ) "C:\WINDOWS\system32\mstime.dll"2007-10-11 07:57:38 39424 ( A.... ) "C:\WINDOWS\system32\pngfilt.dll"2007-10-11 07:57:36 449024 ( A.... ) "C:\WINDOWS\system32\mshtmled.dll"2007-10-11 07:57:36 146432 ( A.... ) "C:\WINDOWS\system32\msrating.dll"2007-10-11 07:57:32 251904 ( A.... ) "C:\WINDOWS\system32\iepeers.dll"2007-10-11 07:57:32 96256 ( A.... ) "C:\WINDOWS\system32\inseng.dll"2007-10-11 07:57:32 16384 ( A.... ) "C:\WINDOWS\system32\jsproxy.dll"2007-10-11 07:57:30 1054208 ( A.... ) "C:\WINDOWS\system32\danim.dll"2007-10-11 07:57:30 1024000 ( A.... ) "C:\WINDOWS\system32\browseui.dll"2007-10-11 07:57:30 357888 ( A.... ) "C:\WINDOWS\system32\dxtmsft.dll"2007-10-11 07:57:30 205824 ( A.... ) "C:\WINDOWS\system32\dxtrans.dll"2007-10-11 07:57:30 151040 ( A.... ) "C:\WINDOWS\system32\cdfview.dll"2007-10-11 07:57:30 55808 ( A.... ) "C:\WINDOWS\system32\extmgr.dll"2007-10-03 23:36:46 25600 ( A.... ) "C:\WINDOWS\system32\WS2Fix.exe"2007-04-04 19:04:38 702212 ( A.... ) "C:\Program Files\APR2007_d3dx10_33_x64.cab"2007-04-04 19:04:38 100417 ( A.... ) "C:\Program Files\APR2007_xinput_x64.cab"2007-04-04 19:04:38 56902 ( A.... ) "C:\Program Files\APR2007_xinput_x86.cab"2007-04-04 19:04:36 1610958 ( A.... ) "C:\Program Files\APR2007_d3dx9_33_x64.cab"2007-04-04 19:04:36 699465 ( A.... ) "C:\Program Files\APR2007_d3dx10_33_x86.cab"2007-04-04 19:04:34 1609639 ( A.... ) "C:\Program Files\APR2007_d3dx9_33_x86.cab"2007-04-04 19:04:34 199366 ( A.... ) "C:\Program Files\APR2007_XACT_x64.cab"2007-04-04 19:04:34 154825 ( A.... ) "C:\Program Files\APR2007_XACT_x86.cab"2007-04-04 19:04:32 45305 ( A.... ) "C:\Program Files\dxdllreg_x86.cab"2007-04-04 18:48:34 1673576 ( A.... ) "C:\Program Files\dsetup32.dll"2007-04-04 18:48:34 503144 ( A.... ) "C:\Program Files\DXSETUP.exe"2007-04-04 18:48:34 85881 ( A.... ) "C:\Program Files\dxupdate.cab"2007-04-04 18:48:32 1575336 ( ..... ) "C:\Program Files\DEC2006_d3dx9_32_x86.cab"2007-04-04 18:48:32 1572114 ( ..... ) "C:\Program Files\DEC2006_d3dx9_32_x64.cab"2007-04-04 18:48:32 1413862 ( ..... ) "C:\Program Files\OCT2006_d3dx9_31_x64.cab"2007-04-04 18:48:32 1363684 ( ..... ) "C:\Program Files\Feb2006_d3dx9_29_x64.cab"2007-04-04 18:48:32 1336890 ( ..... ) "C:\Program Files\Jun2005_d3dx9_26_x64.cab"2007-04-04 18:48:32 1248387 ( ..... ) "C:\Program Files\Feb2005_d3dx9_24_x64.cab"2007-04-04 18:48:32 1128177 ( ..... ) "C:\Program Files\OCT2006_d3dx9_31_x86.cab"2007-04-04 18:48:32 1085608 ( ..... ) "C:\Program Files\Feb2006_d3dx9_29_x86.cab"2007-04-04 18:48:32 1080344 ( ..... ) "C:\Program Files\Dec2005_d3dx9_28_x86.cab"2007-04-04 18:48:32 1065813 ( ..... ) "C:\Program Files\Jun2005_d3dx9_26_x86.cab"2007-04-04 18:48:32 1014113 ( ..... ) "C:\Program Files\Feb2005_d3dx9_24_x86.cab"2007-04-04 18:48:32 213767 ( ..... ) "C:\Program Files\DEC2006_d3dx10_00_x64.cab"2007-04-04 18:48:32 198275 ( ..... ) "C:\Program Files\FEB2007_XACT_x64.cab"2007-04-04 18:48:32 193435 ( ..... ) "C:\Program Files\DEC2006_XACT_x64.cab"2007-04-04 18:48:32 192680 ( ..... ) "C:\Program Files\DEC2006_d3dx10_00_x86.cab"2007-04-04 18:48:32 183321 ( ..... ) "C:\Program Files\OCT2006_XACT_x64.cab"2007-04-04 18:48:32 181745 ( ..... ) "C:\Program Files\JUN2006_XACT_x64.cab"2007-04-04 18:48:32 179247 ( ..... ) "C:\Program Files\Feb2006_XACT_x64.cab"2007-04-04 18:48:32 151583 ( ..... ) "C:\Program Files\FEB2007_XACT_x86.cab"2007-04-04 18:48:32 146559 ( ..... ) "C:\Program Files\DEC2006_XACT_x86.cab"2007-04-04 18:48:32 138977 ( ..... ) "C:\Program Files\OCT2006_XACT_x86.cab"2007-04-04 18:48:32 134631 ( ..... ) "C:\Program Files\JUN2006_XACT_x86.cab"2007-04-04 18:48:32 133297 ( ..... ) "C:\Program Files\Feb2006_XACT_x86.cab"2007-04-04 18:48:32 86925 ( ..... ) "C:\Program Files\Oct2005_xinput_x64.cab"2007-04-04 18:48:32 77160 ( A.... ) "C:\Program Files\DSETUP.dll"2007-04-04 18:48:32 46247 ( ..... ) "C:\Program Files\Oct2005_xinput_x86.cab"2007-04-04 18:48:30 13265040 ( ..... ) "C:\Program Files\dxnt.cab"2007-04-04 18:48:30 4163518 ( ..... ) "C:\Program Files\Apr2006_MDX1_x86_Archive.cab"2007-04-04 18:48:30 1398718 ( ..... ) "C:\Program Files\Apr2006_d3dx9_30_x64.cab"2007-04-04 18:48:30 1358864 ( ..... ) "C:\Program Files\Dec2005_d3dx9_28_x64.cab"2007-04-04 18:48:30 1351430 ( ..... ) "C:\Program Files\Aug2005_d3dx9_27_x64.cab"2007-04-04 18:48:30 1348242 ( ..... ) "C:\Program Files\Apr2005_d3dx9_25_x64.cab"2007-04-04 18:48:30 1116109 ( ..... ) "C:\Program Files\Apr2006_d3dx9_30_x86.cab"2007-04-04 18:48:30 1079850 ( ..... ) "C:\Program Files\Apr2005_d3dx9_25_x86.cab"2007-04-04 18:48:30 1078532 ( ..... ) "C:\Program Files\Aug2005_d3dx9_27_x86.cab"2007-04-04 18:48:30 917318 ( ..... ) "C:\Program Files\Apr2006_MDX1_x86.cab"2007-04-04 18:48:30 183863 ( ..... ) "C:\Program Files\AUG2006_XACT_x64.cab"2007-04-04 18:48:30 180021 ( ..... ) "C:\Program Files\Apr2006_XACT_x64.cab"2007-04-04 18:48:30 138195 ( ..... ) "C:\Program Files\AUG2006_XACT_x86.cab"2007-04-04 18:48:30 133991 ( ..... ) "C:\Program Files\Apr2006_XACT_x86.cab"2007-04-04 18:48:30 88102 ( ..... ) "C:\Program Files\AUG2006_xinput_x64.cab"2007-04-04 18:48:30 87989 ( ..... ) "C:\Program Files\Apr2006_xinput_x64.cab"2007-04-04 18:48:30 47018 ( ..... ) "C:\Program Files\AUG2006_xinput_x86.cab"2007-04-04 18:48:30 46898 ( ..... ) "C:\Program Files\Apr2006_xinput_x86.cab"2007-04-04 18:48:28 1156363 ( ..... ) "C:\Program Files\BDANT.cab"2007-04-04 18:48:28 976020 ( ..... ) "C:\Program Files\BDAXP.cab"2006-09-28 15:22:04 91265 ( A.... ) "C:\Program Files\OCT2006_xinput_x64.cab"2006-09-28 15:22:02 49149 ( A.... ) "C:\Program Files\OCT2006_xinput_x86.cab"2006-09-28 14:55:34 15493481 ( A.... ) "C:\Program Files\DirectX.cab"2006-09-28 14:55:34 703080 ( A.... ) "C:\Program Files\BDA.cab"2004-04-03 00:05:38 4722688 ( A.... ) "C:\Program Files\Adbcd.exe"((((((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))*Note* empty entries are not shown[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd""CHotkey"="mHotkey.exe""NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe""ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\isuspm.exe -startup""ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start""My Web Search Bar"="rundll32 C:\\PROGRA~1\\MYWEBS~1\\bar\\3.bin\\MWSBAR.DLL,S""PWRISOVM.EXE"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE""NetworkMechanic"="C:\\Program Files\\Network Mechanic\\NetworkMechanic.exe /startup""NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup""nwiz"="nwiz.exe /install""NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit""Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup""DC6_check"="\"C:\\Program Files\\Common Files\\WinAntiVirus Pro 2006\\dc6_startupmon.exe\"""ERS_check"="\"C:\\Program Files\\Common Files\\WinAntiVirus Pro 2006\\ers_startupmon.exe\"""HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb05.exe""RAMDrive"="\"C:\\Program Files\\FarStone\\VDPPro\\VHD\\RDTask.exe\""@="""DVDCTray"="C:\\Program Files\\FarStone\\VDPPro\\dvdcreator\\DVDCTrayIconShl.exe""VirtualDrive"="C:\\Program Files\\FarStone\\VDPPro\\VDP\\vdtask.exe /AutoRestore""nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE""HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe""DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033""7853c498"="rundll32.exe \"C:\\WINDOWS\\system32\\lfdkbekw.dll\",b""!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents][HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]"Installed"="1"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]"Installed"="1""NoChange"="1"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]"Installed"="1"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]"NoDriveAutoRun"=dword:00000100[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run][HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe""MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background""Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized""msnmsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background""Steam"="\"C:\\Program Files\\Steam\\Steam.exe\" -silent"[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]"DisableRegistryTools"=dword:00000000[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]"RunNarrator"="Narrator.exe"[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]"NoDriveTypeAutoRun"=dword:00000091[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]"RunNarrator"="Narrator.exe"[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]"NoDriveTypeAutoRun"=dword:00000091[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader""{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="""{7BED1F14-57E9-4E35-943F-CE1688F6CB4E}"="""{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\Norton Security Scan.jobCompletion time: 2007.12.30 12:43:00,54ComboFix ver 06.06.17 - This logfile is located at C:\ComboFix.txtLogfile of Trend Micro HijackThis v2.0.2Scan saved at 12:45:21, on 2007.12.30Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\SYSTEM32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeC:\Program Files\Eset\nod32krn.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\System32\PAStiSvc.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\mHotkey.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\Program Files\PowerISO\PWRISOVM.EXEC:\WINDOWS\system32\RunDLL32.exeC:\Program Files\FarStone\VDPPro\VHD\RDTask.exeC:\Program Files\FarStone\VDPPro\dvdcreator\DVDCTrayIconShl.exeC:\Program Files\FarStone\VDPPro\VDP\vdtask.exeC:\Program Files\Eset\nod32kui.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\Program Files\DAEMON Tools\daemon.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Messenger\msmsgs.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Skype\Phone\Skype.exeC:\Program Files\MSN Messenger\MsnMsgr.ExeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\VIA\RAID\raid_tool.exeC:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exeC:\Program Files\Skype\Plugin Manager\skypePM.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXEC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO3 - Toolbar: Burn4Free Toolbar - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dllO4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWndO4 - HKLM\..\Run: [CHotkey] mHotkey.exeO4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startupO4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -startO4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\3.bin\MWSBAR.DLL,SO4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXEO4 - HKLM\..\Run: [NetworkMechanic] C:\Program Files\Network Mechanic\NetworkMechanic.exe /startupO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startupO4 - HKLM\..\Run: [DC6_check] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\dc6_startupmon.exe"O4 - HKLM\..\Run: [ERS_check] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\ers_startupmon.exe"O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exeO4 - HKLM\..\Run: [RAMDrive] "C:\Program Files\FarStone\VDPPro\VHD\RDTask.exe"O4 - HKLM\..\Run: [DVDCTray] C:\Program Files\FarStone\VDPPro\dvdcreator\DVDCTrayIconShl.exeO4 - HKLM\..\Run: [VirtualDrive] C:\Program Files\FarStone\VDPPro\VDP\vdtask.exe /AutoRestoreO4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICEO4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exeO4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033O4 - HKLM\..\Run: [7853c498] rundll32.exe "C:\WINDOWS\system32\lfdkbekw.dll",bO4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimizedO4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimizedO4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /backgroundO4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silentO4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exeO4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeO4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exeO8 - Extra context menu item: &Search - ?p=ZNfox000O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dllO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cabO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exeO23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exeO23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exeO23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe--End of file - 7859 bytes Link to post Share on other sites More sharing options...
JeanInMontana Posted December 30, 2007 ID:11331 Share Posted December 30, 2007 OK, you still have not run the Smitfraud tool. You need to do that. Print or Copy these instructions to notepad and save to your Desktoop as you will be offline with all browsers closed for this fix. Download: Use this URL to download the latest version (the file contains both English and French versions): http://siri.urz.free.fr/Fix/SmitfraudFix.exe * Double-click SmitfraudFix.exe * Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt Clean: * Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually) * Double-click SmitfraudFix.exe * Select 2 and hit Enter to delete infect files. * You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection. * The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file. * A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt * Optional: o To restore Trusted and Restricted site zone, select 3 and hit Enter. o You will be prompted: Restore Trusted Zone ? answer Y (yes) and hit Enter to delete trusted zone.Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. http://www.beyondlogic.org/consulting/proc...processutil.htm You are running an outdated and unsafe version of Java. You need to uninstall it via Add/Remove programs and delete the program file also. Then go here http://www.java.com/en/download/manual.jsp and install the correct version for your system. Choose the offline installation. Link to post Share on other sites More sharing options...
svajunas Posted December 30, 2007 Author ID:11332 Share Posted December 30, 2007 I did that already you told me to do this in 5 post and I downloaded the newest java veresion.smitrifroud rapport_____________________________________________________________________________________________________SmitFraudFix v2.274Scan done at 20:06:39,39, 2007.12.30Run from C:\Documents and Settings\Virgis\Desktop\Unused Desktop Shortcuts\Antivir\SmitfraudFixOS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode Link to post Share on other sites More sharing options...
JeanInMontana Posted December 31, 2007 ID:11338 Share Posted December 31, 2007 Sorry. I am not seeing the new Java installed and I need a new HJT log also please. Link to post Share on other sites More sharing options...
svajunas Posted December 31, 2007 Author ID:11345 Share Posted December 31, 2007 Today my nod32 found this adware.ezula.application how did this thing get to my computer?? And here my HJT log B)Logfile of Trend Micro HijackThis v2.0.2Scan saved at 13:43:38, on 2007.12.31Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\mHotkey.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\Program Files\PowerISO\PWRISOVM.EXEC:\WINDOWS\system32\RunDLL32.exeC:\Program Files\FarStone\VDPPro\VHD\RDTask.exeC:\Program Files\FarStone\VDPPro\dvdcreator\DVDCTrayIconShl.exeC:\Program Files\FarStone\VDPPro\VDP\vdtask.exeC:\Program Files\Eset\nod32kui.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\Program Files\DAEMON Tools\daemon.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exeC:\Program Files\Java\jre1.6.0_03\bin\jusched.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeC:\Program Files\Eset\nod32krn.exeC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\Skype\Phone\Skype.exeC:\Program Files\MSN Messenger\MsnMsgr.ExeC:\WINDOWS\System32\PAStiSvc.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\VIA\RAID\raid_tool.exeC:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO3 - Toolbar: Burn4Free Toolbar - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dllO4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWndO4 - HKLM\..\Run: [CHotkey] mHotkey.exeO4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startupO4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -startO4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\3.bin\MWSBAR.DLL,SO4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXEO4 - HKLM\..\Run: [NetworkMechanic] C:\Program Files\Network Mechanic\NetworkMechanic.exe /startupO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startupO4 - HKLM\..\Run: [DC6_check] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\dc6_startupmon.exe"O4 - HKLM\..\Run: [ERS_check] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\ers_startupmon.exe"O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exeO4 - HKLM\..\Run: [RAMDrive] "C:\Program Files\FarStone\VDPPro\VHD\RDTask.exe"O4 - HKLM\..\Run: [DVDCTray] C:\Program Files\FarStone\VDPPro\dvdcreator\DVDCTrayIconShl.exeO4 - HKLM\..\Run: [VirtualDrive] C:\Program Files\FarStone\VDPPro\VDP\vdtask.exe /AutoRestoreO4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICEO4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exeO4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033O4 - HKLM\..\Run: [7853c498] rundll32.exe "C:\WINDOWS\system32\iqnysybo.dll",bO4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimizedO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimizedO4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /backgroundO4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silentO4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exeO4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeO4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exeO8 - Extra context menu item: &Search - ?p=ZNfox000O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dllO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cabO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exeO23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exeO23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exeO23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe--End of file - 8028 bytes Link to post Share on other sites More sharing options...
JeanInMontana Posted December 31, 2007 ID:11358 Share Posted December 31, 2007 How did Ezulu get on your system? I couldn't tell you for sure. Your system is seriously infected and this usually happens due to lack of preventative measures and risky internet use. You have installed applications that are malware. Are you having NOD32 remove the items? Also please uninstall your Adobe reader and update to version 8. Version 7 is known to be exploitable.Make sure you have your system set to show all files and folders. Click Start.Open My Computer.Select the Tools menu and click Folder Options.Select the View Tab.Under the Hidden files and folders heading select Show hidden files and folders.Uncheck the Hide protected operating system files (recommended) option.Click Yes to confirm.Click OK.Burn4Free should be removed ASAP. http://www.sophos.com/virusinfo/analyses/burn4free.htmlRun HJT again and put a check next to these items and click fix.O3 - Toolbar: Burn4Free Toolbar - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dllO4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\3.bin\MWSBAR.DLL,SO4 - HKLM\..\Run: [ERS_check] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\ers_startupmon.exe"O4 - HKLM\..\Run: [7853c498] rundll32.exe "C:\WINDOWS\system32\iqnysybo.dll",bReboot into Safe Mode: please by tapping the F8 key as soon as you restart the computer. Using Windows Explorer, locate the following files/folders, and delete them:rundll32 C:\PROGRA~1\MYWEBS~1\bar\3.bin\MWSBAR.DLL,SC:\Program Files\Common Files\WinAntiVirus Pro 2006\ers_startupmon.exeExit Explorer, and reboot as normal afterwards.If you were unable to find any of the files then please follow these additional instructions:Download Pocket Killbox and unzip it; save it to your Desktop.Run it, and click the radio button that says Delete a file on reboot. For each of the files you could not delete, paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it.The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer Yes.Let the system reboot.Be sure to delete all old copies of Vundo, Smitfraud and Combofix you have on the system.Now lets run a new Vundo, be sure you delete the old and get this new again.Please download VundoFix.exeto your desktop. http://www.atribune.org/ccount/click.php?id=4 * Double-click VundoFix.exe to run it. * Click the Scan for Vundo button. * Once it's done scanning, click the Remove Vundo button. * You will receive a prompt asking if you want to remove the files, click YES * Once you click yes, your desktop will go blank as it starts removing Vundo. * When completed, it will prompt that it will reboot your computer, click OK. * Please post the contents of C:\vundofix.txt and a new HiJackThis log.Note: It is possible that VundoFix encountered a file it could not remove.In this case, VundoFix will run on reboot, simply follow the aboveinstructions starting from "Click the Scan for Vundo button." whenVundoFix appears at reboot. And last but not least lets do a Panda scan and post those results. Link to post Share on other sites More sharing options...
svajunas Posted January 1, 2008 Author ID:11379 Share Posted January 1, 2008 I couldn't find burn 4 free toolbar in hjt log and I couldn't find this ignysiybo.dll",b too but I found this oneHKLM\..\Run: [7853c498] rundll32.exe "C:\WINDOWS\system32\jxqiaebj.dll",b Link to post Share on other sites More sharing options...
JeanInMontana Posted January 2, 2008 ID:11402 Share Posted January 2, 2008 Well you didn't follow directions either. I don't know where you might have found that file but it looks like a Vundo file, and I don't see any new Vundo log etc...etc. I can't stress the importance of following instructions enough. Link to post Share on other sites More sharing options...
svajunas Posted January 13, 2008 Author ID:11798 Share Posted January 13, 2008 VundoFix V6.7.7Checking Java version...Scan started at 18:28:04 2008.01.12Listing files found while scanning....C:\WINDOWS\system32\dmawodhg.dllC:\WINDOWS\system32\yqtppxul.dllC:\WINDOWS\system32\jjllm.iniC:\WINDOWS\system32\jjllm.ini2C:\WINDOWS\system32\khfghfg.dllC:\WINDOWS\system32\kkbhwyqj.dllC:\WINDOWS\system32\lfqjkpwb.dllC:\WINDOWS\system32\mdeflneg.dllC:\WINDOWS\system32\mlljj.dllC:\WINDOWS\system32\qscawxdk.dllC:\WINDOWS\system32\rolmyxiv.dllC:\WINDOWS\system32\tooapamw.dllC:\WINDOWS\system32\ubsgqatb.dllC:\WINDOWS\system32\vbnektnv.dllC:\WINDOWS\system32\vuytiwai.dllC:\WINDOWS\system32\xmraooyi.dllBeginning removal... Attempting to delete C:\WINDOWS\system32\dmawodhg.dllC:\WINDOWS\system32\dmawodhg.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\yqtppxul.dllC:\WINDOWS\system32\yqtppxul.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\jjllm.iniC:\WINDOWS\system32\jjllm.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\jjllm.ini2C:\WINDOWS\system32\jjllm.ini2 Has been deleted! Attempting to delete C:\WINDOWS\system32\khfghfg.dllC:\WINDOWS\system32\khfghfg.dll Could not be deleted. Attempting to delete C:\WINDOWS\system32\kkbhwyqj.dllC:\WINDOWS\system32\kkbhwyqj.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\lfqjkpwb.dllC:\WINDOWS\system32\lfqjkpwb.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\mdeflneg.dllC:\WINDOWS\system32\mdeflneg.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\mlljj.dllC:\WINDOWS\system32\mlljj.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\qscawxdk.dllC:\WINDOWS\system32\qscawxdk.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\rolmyxiv.dllC:\WINDOWS\system32\rolmyxiv.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\tooapamw.dllC:\WINDOWS\system32\tooapamw.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\ubsgqatb.dllC:\WINDOWS\system32\ubsgqatb.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\vbnektnv.dllC:\WINDOWS\system32\vbnektnv.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\vuytiwai.dllC:\WINDOWS\system32\vuytiwai.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\xmraooyi.dllC:\WINDOWS\system32\xmraooyi.dll Has been deleted!Performing Repairs to the registry.Done!Beginning removal... Attempting to delete C:\WINDOWS\system32\khfghfg.dllC:\WINDOWS\system32\khfghfg.dll Could not be deleted.Performing Repairs to the registry.Done!________________________________________________________Logfile of Trend Micro HijackThis v2.0.2Scan saved at 15:25:52, on 2008.01.13Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\SYSTEM32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\mHotkey.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\Program Files\PowerISO\PWRISOVM.EXEC:\WINDOWS\system32\RunDLL32.exeC:\Program Files\Eset\nod32kui.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\Program Files\DAEMON Tools\daemon.exeC:\Program Files\Java\jre1.6.0_03\bin\jusched.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\Skype\Phone\Skype.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\VIA\RAID\raid_tool.exeC:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exeC:\Program Files\Eset\nod32krn.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\System32\PAStiSvc.exeC:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Skype\Plugin Manager\skypePM.exeC:\WINDOWS\system32\wscntfy.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\WINDOWS\explorer.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWndO4 - HKLM\..\Run: [CHotkey] mHotkey.exeO4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startupO4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -startO4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXEO4 - HKLM\..\Run: [NetworkMechanic] C:\Program Files\Network Mechanic\NetworkMechanic.exe /startupO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startupO4 - HKLM\..\Run: [DC6_check] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\dc6_startupmon.exe"O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exeO4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICEO4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exeO4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [7853c498] rundll32.exe "C:\WINDOWS\system32\filfkxib.dll",bO4 - HKLM\..\Run: [bM7b60f704] Rundll32.exe "C:\WINDOWS\system32\vuytiwai.dll",sO4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimizedO4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silentO4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeO4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exeO8 - Extra context menu item: &Search - ?p=ZNfox000O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dllO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cabO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exeO23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exeO23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe--End of file - 6771 bytes__________________________________________________________________ Link to post Share on other sites More sharing options...
JeanInMontana Posted January 13, 2008 ID:11809 Share Posted January 13, 2008 Hello again. Please run HJT and put a check next to this entry:O8 - Extra context menu item: &Search - ?p=ZNfox000 Click fix and exit the program. Let's run this tool for safe measures.Please download this file: SDFix.exe * Open the extracted SDFix folder and double click RunThis.bat to start the script. * Type Y to begin the cleanup process. * It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot. * Press any Key and it will restart the PC. * When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons. * Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to Clipboard ready for posting back on the forum). * Finally paste the contents of the Report.txt back on the forum.Reboot your system in Normal Mode. Then post the SDFix log and a new HJT log please. Reboot and post a new log. Give me some feedback on how your running now. Link to post Share on other sites More sharing options...
svajunas Posted January 14, 2008 Author ID:11836 Share Posted January 14, 2008 (edited) My computer start a little faster but not so fast I have to wait about ~1min to start SdFix log_____-----''''''----_____-----'''''''--------SDFix: Version 1.126Run by Virgis on 2008.01.14 at 13:41Microsoft Windows XP [Version 5.1.2600]Running From: C:\DOCUME~1\Virgis\Desktop\UNUSED~1\Antivir\SDFixSafe Mode:Checking Services: Restoring Windows Registry ValuesRestoring Windows Default Hosts FileRebooting...Normal Mode:Checking Files: Trojan Files Found:C:\WINDOWS\system32\inst.dat - DeletedC:\WINDOWS\system32\web.dat - DeletedRemoving Temp Files...ADS Check:C:\WINDOWSNo streams found. C:\WINDOWS\system32No streams found. C:\WINDOWS\system32\svchost.exeNo streams found.C:\WINDOWS\system32\ntoskrnl.exeNo streams found. Final Check:catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-01-14 13:51:08Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes ...scanning hidden services & system hive ...[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]"s1"=dword:88cee10d"s2"=dword:09a0785a"h0"=dword:00000001[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]"h0"=dword:00000000"khjeh"=hex:db,c4,fd,6c,a7,8d,e0,6d,19,82,86,de,75,92,0a,00,ad,21,56,9d,55,.."p0"="C:\Program Files\DAEMON Tools\"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]"a0"=hex:20,01,00,00,e8,5c,8c,17,d9,c7,72,24,70,ec,96,b3,8c,ef,83,f5,ee,.."khjeh"=hex:1d,c6,e8,bd,0c,af,11,97,72,21,00,a9,ea,ad,d5,4f,27,e4,d7,6d,c7,..[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]"khjeh"=hex:64,62,02,00,38,52,40,00,c8,4d,40,00,d0,ff,ff,ff,76,6b,15,00,10,..[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]"h0"=dword:00000000"khjeh"=hex:db,c4,fd,6c,a7,8d,e0,6d,19,82,86,de,75,92,0a,00,ad,21,56,9d,55,.."p0"="C:\Program Files\DAEMON Tools\"[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]"a0"=hex:20,01,00,00,e8,5c,8c,17,d9,c7,72,24,70,ec,96,b3,8c,ef,83,f5,ee,.."khjeh"=hex:1d,c6,e8,bd,0c,af,11,97,72,21,00,a9,ea,ad,d5,4f,27,e4,d7,6d,c7,..[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]"khjeh"=hex:64,62,02,00,48,58,2b,00,00,00,00,00,d8,ff,ff,ff,76,6b,0a,00,30,..scanning hidden registry entries ...[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\E\1+\1#\1 ]"SlowInfoCache"=hex:28,02,00,00,01,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,6e,00,25,4c,69,.."Changed"=dword:00000000[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7091574B-11EC-951E-7535-2909270440C5}]"oafgldnnfhfbnfhkaiencofcgngcpl"=hex:6b,61,63,62,6c,6e,62,66,6b,64,6b,6c,67,63,66,64,6f,66,67,6d,6e,.."nalgjllpoehokafgpgkdfgpagpdk"=hex:6b,61,63,62,6c,6e,62,66,6b,64,6b,6c,67,63,66,64,6f,66,67,6d,6e,..scanning hidden files ...scan completed successfullyhidden processes: 0hidden services: 0hidden files: 0Remaining Services:------------------Authorized Application Key Export:[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019""C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Disabled:Firefox""D:\\Svajuno\\Warzone 2100\\warzone.exe"="D:\\Svajuno\\Warzone 2100\\warzone.exe:*:Disabled:warzone""C:\\Program Files\\Reallusion\\CrazyTalk for Skype\\CT4Skype.exe"="C:\\Program Files\\Reallusion\\CrazyTalk for Skype\\CT4Skype.exe:*:Disabled:CrazyTalk""C:\\Documents and Settings\\Virgis\\Desktop\\lancraft101b\\lancraft.exe"="C:\\Documents and Settings\\Virgis\\Desktop\\lancraft101b\\lancraft.exe:*:Disabled:lancraft""D:\\Reikalinga\\New Folder\\game.dat"="D:\\Reikalinga\\New Folder\\game.dat:*:Enabled:The Battle for Middle-earth II""D:\\Reikalinga\\New Folder\\patchget.dat"="D:\\Reikalinga\\New Folder\\patchget.dat:*:Disabled:patchgrabber""C:\\Program Files\\Electronic Arts\\The Battle for Middle-earth II\\game.dat"="C:\\Program Files\\Electronic Arts\\The Battle for Middle-earth II\\game.dat:*:Enabled:The Battle for Middle-earth II""C:\\Program Files\\Electronic Arts\\The Battle for Middle-earth II\\patchget.dat"="C:\\Program Files\\Electronic Arts\\The Battle for Middle-earth II\\patchget.dat:*:Disabled:patchgrabber""C:\\WINDOWS\\system32\\dxdiag.exe"="C:\\WINDOWS\\system32\\dxdiag.exe:*:Disabled:Microsoft DirectX Diagnostic Tool""C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server""C:\\Documents and Settings\\Virgis\\Desktop\\wowclient-downloader.exe"="C:\\Documents and Settings\\Virgis\\Desktop\\wowclient-downloader.exe:*:Disabled:Blizzard Downloader""D:\\Svajuno\\LimeWire\\LimeWire.exe"="D:\\Svajuno\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire""D:\\Svajuno\\DOGAS\\cstrike.exe"="D:\\Svajuno\\DOGAS\\cstrike.exe:*:Enabled:XTCS Counter-Strike 1.6 Final Release""C:\\DOCUME~1\\Virgis\\LOCALS~1\\Temp\\win11B.tmp.exe"="C:\\DOCUME~1\\Virgis\\LOCALS~1\\Temp\\win11B.tmp.exe:*:Enabled:win11B.tmp""C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1""C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)""D:\\Svajuno\\cs 1.6\\hl.exe"="D:\\Svajuno\\cs 1.6\\hl.exe:*:Disabled:Half-Life Launcher""D:\\Svajuno\\cs 1.6\\hlds.exe"="D:\\Svajuno\\cs 1.6\\hlds.exe:*:Disabled:HLDS Launcher""C:\\WINDOWS\\Temp\\NavBrowser.exe"="C:\\WINDOWS\\Temp\\NavBrowser.exe:*:Enabled:NAVBrowser""C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe""C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe""C:\\Documents and Settings\\Virgis\\Desktop\\LDC++ 1.00 v2a-bin\\LDCPlusPlus.exe"="C:\\Documents and Settings\\Virgis\\Desktop\\LDC++ 1.00 v2a-bin\\LDCPlusPlus.exe:*:Enabled:LDC++""C:\\Documents and Settings\\Virgis\\Desktop\\Unused Desktop Shortcuts\\LDC++ 1.00 v2a-bin\\LDCPlusPlus.exe"="C:\\Documents and Settings\\Virgis\\Desktop\\Unused Desktop Shortcuts\\LDC++ 1.00 v2a-bin\\LDCPlusPlus.exe:*:Enabled:LDC++""C:\\Documents and Settings\\Virgis\\Desktop\\utorrent(2).exe"="C:\\Documents and Settings\\Virgis\\Desktop\\utorrent(2).exe:*:Disabled:ęTorrent""C:\\Documents and Settings\\Virgis\\Desktop\\bc.exe"="C:\\Documents and Settings\\Virgis\\Desktop\\bc.exe:*:Disabled:bc""D:\\Svajuno\\wow\\World of Warcraft\\WoW-2.1.0-enUS-downloader.exe"="D:\\Svajuno\\wow\\World of Warcraft\\WoW-2.1.0-enUS-downloader.exe:*:Disabled:Blizzard Downloader""D:\\Svajuno\\Command and conquer\\RetailExe\\1.0\\cnc3game.dat"="D:\\Svajuno\\Command and conquer\\RetailExe\\1.0\\cnc3game.dat:*:Disabled:Command & Conquer 3 Tiberium Wars""D:\\Svajuno\\Diablo II\\Diablo II.exe"="D:\\Svajuno\\Diablo II\\Diablo II.exe:*:Disabled:Diablo II - Lord of Destruction""C:\\Program Files\\FlashFXP\\flashfxp.exe"="C:\\Program Files\\FlashFXP\\flashfxp.exe:*:Disabled:FlashFXP v3""C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Disabled:hpfccopy.exe""C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Disabled:hpoews01.exe""C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Disabled:hpofxm08.exe""C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Disabled:hposfx08.exe""C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Disabled:hposid01.exe""C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Disabled:hpqcopy.exe""C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Disabled:hpqkygrp.exe""C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Disabled:hpqnrs08.exe""C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Disabled:hpqscnvw.exe""C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Disabled:hpqste08.exe""D:\\Muzika \\muzika\\zaidimai\\L2ParadiseAutoUpdater\\system\\l2.exe"="D:\\Muzika B)\\muzika\\zaidimai\\L2ParadiseAutoUpdater\\system\\l2.exe:*:Disabled:L2""D:\\Svajuno\\Warcraft III\\Warcraft III.exe"="D:\\Svajuno\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III""D:\\Svajuno\\Warcraft III\\War3.exe"="D:\\Svajuno\\Warcraft III\\War3.exe:*:Enabled:Warcraft III""C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:ęTorrent""D:\\Svajuno\\LOTR\\game.dat"="D:\\Svajuno\\LOTR\\game.dat:*:Enabled:***FATAL*** String Manager failed to initialized properly""C:\\Program Files\\Electronic Arts\\The Battle for Middle-earth II\\game.dat"="C:\\Program Files\\Electronic Arts\\The Battle for Middle-earth II\\game.dat:*:Enabled:The Battle for Middle-earth II""%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000""D:\\Svajuno\\RatioMaster175\\RatioMaster.exe"="D:\\Svajuno\\RatioMaster175\\RatioMaster.exe:*:Enabled:Ratio Master""C:\\Program Files\\Ocean Technology\\GG E-Sports Platform\\GGclient.exe"="C:\\Program Files\\Ocean Technology\\GG E-Sports Platform\\GGclient.exe:*:Enabled:GG E-Sports Platform Client""D:\\World of Warcraft\\WoW-2.3.0-enUS-downloader.exe"="D:\\World of Warcraft\\WoW-2.3.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader""C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019""C:\\Program Files\\FlashFXP\\flashfxp.exe"="C:\\Program Files\\FlashFXP\\flashfxp.exe:*:Enabled:FlashFXP v3""C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1""C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)""%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"Remaining Files:---------------File Backups: - C:\DOCUME~1\Virgis\Desktop\UNUSED~1\Antivir\SDFix\backups\backups.zipFiles with Hidden Attributes:Sat 3 Apr 2004 4,722,688 A..H. --- "C:\ADCD\ADBCD.EXE"Tue 10 Oct 2006 897,744 A..H. --- "C:\ADCD\SCAPIInterface.DLL"Sun 18 Feb 2007 335,465 A.SH. --- "C:\WINDOWS\system32\onnmp.tmp"Sun 11 Feb 2007 494,268 A.SH. --- "C:\WINDOWS\system32\onnmp.bak1"Sun 18 Feb 2007 492,287 A.SH. --- "C:\WINDOWS\system32\onnmp.bak2"Mon 9 Jul 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"Thu 15 Nov 2007 888 ...HR --- "C:\Documents and Settings\Virgis\Application Data\SecuROM\UserData\securom_v7_01.bak"Finished!Logfile of Trend Micro HijackThis v2.0.2Scan saved at 14:08:50, on 2008.01.14Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\SYSTEM32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\mHotkey.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\Program Files\PowerISO\PWRISOVM.EXEC:\WINDOWS\system32\RunDLL32.exeC:\Program Files\Eset\nod32kui.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\Program Files\DAEMON Tools\daemon.exeC:\Program Files\Java\jre1.6.0_03\bin\jusched.exeC:\WINDOWS\system32\Rundll32.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exeC:\Program Files\Skype\Phone\Skype.exeC:\Program Files\Eset\nod32krn.exeC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\VIA\RAID\raid_tool.exeC:\WINDOWS\System32\PAStiSvc.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Skype\Plugin Manager\skypePM.exeC:\WINDOWS\system32\wscntfy.exeC:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWndO4 - HKLM\..\Run: [CHotkey] mHotkey.exeO4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startupO4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -startO4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXEO4 - HKLM\..\Run: [NetworkMechanic] C:\Program Files\Network Mechanic\NetworkMechanic.exe /startupO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startupO4 - HKLM\..\Run: [DC6_check] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\dc6_startupmon.exe"O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exeO4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICEO4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exeO4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [7853c498] rundll32.exe "C:\WINDOWS\system32\filfkxib.dll",bO4 - HKLM\..\Run: [bM7b60f704] Rundll32.exe "C:\WINDOWS\system32\aklmfpmc.dll",sO4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimizedO4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silentO4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeO4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exeO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dllO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cabO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exeO23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exeO23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe--End of file - 6752 bytes Edited January 15, 2008 by svajunas Reverse log order per instructions Link to post Share on other sites More sharing options...
JeanInMontana Posted January 14, 2008 ID:11847 Share Posted January 14, 2008 Open HJT and put a check next to these items:O4 - HKLM\..\Run: [7853c498] rundll32.exe "C:\WINDOWS\system32\filfkxib.dll",bO4 - HKLM\..\Run: [bM7b60f704] Rundll32.exe "C:\WINDOWS\system32\aklmfpmc.dll",sO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundclick fix and exit HJT, reboot and post a new HJT log please. Link to post Share on other sites More sharing options...
svajunas Posted January 15, 2008 Author ID:11886 Share Posted January 15, 2008 Logfile of Trend Micro HijackThis v2.0.2Scan saved at 15:09:00, on 2008.01.15Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\SYSTEM32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\mHotkey.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\Program Files\PowerISO\PWRISOVM.EXEC:\WINDOWS\system32\RunDLL32.exeC:\Program Files\Eset\nod32kui.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\Program Files\DAEMON Tools\daemon.exeC:\Program Files\Java\jre1.6.0_03\bin\jusched.exeC:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exeC:\WINDOWS\system32\Rundll32.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Skype\Phone\Skype.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\VIA\RAID\raid_tool.exeC:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exeC:\Program Files\Eset\nod32krn.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\System32\PAStiSvc.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exeC:\Program Files\Skype\Plugin Manager\skypePM.exeC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWndO4 - HKLM\..\Run: [CHotkey] mHotkey.exeO4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startupO4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -startO4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXEO4 - HKLM\..\Run: [NetworkMechanic] C:\Program Files\Network Mechanic\NetworkMechanic.exe /startupO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startupO4 - HKLM\..\Run: [DC6_check] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\dc6_startupmon.exe"O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exeO4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICEO4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exeO4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [bM7b60f704] Rundll32.exe "C:\WINDOWS\system32\kopjjata.dll",sO4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimizedO4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silentO4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeO4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exeO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dllO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cabO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exeO23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exeO23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe--End of file - 6596 bytesAnd one more thing When I try to play games or work with microsoft office programs my comp forzes after 45 min what should I do ??? Link to post Share on other sites More sharing options...
JeanInMontana Posted January 16, 2008 ID:11907 Share Posted January 16, 2008 Hi open HJT and put a check next to these lines below:O4 - HKLM\..\Run: [DC6_check] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\dc6_startupmon.exe"O4 - HKLM\..\Run: [bM7b60f704] Rundll32.exe "C:\WINDOWS\system32\kopjjata.dll",sPut a check next to them and click fix.Please set your system to show all files; Click Start.Open My Computer.Select the Tools menu and click Folder Options.Select the View Tab.Under the Hidden files and folders heading select Show hidden files and folders.Uncheck the Hide protected operating system files (recommended) option.Click Yes to confirm.Click OK.Then find this file C:\WINDOWS\system32\kopjjata.dll",s and delete it. If you can't find it get this:Author: Option^Explicit Download LocationLicense: Freeware KillBox Download Link http://download.bleepingcomputer.com/spyware/KillBox.exeOperating System: WindowsFile Description:Pocket KillBox is a program that can be used to get rid of files that stubbornly refuse to allow you to delete them.Usage Information:Download this file and run the killbox.exe file. When it loads type the full path to the file you would like to delete in the field and press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, allow it to do so, and hopefully your file will now be deleted.Make sure you have deleted all old fixes we have used they are all outdated now and may cause confusion for new fixes.Get a copy of RogueRemover Pro from the link in my signature or from the top of this page and run it. Let it remove everything it finds.Post back a fresh HJT log and we will see how we are doing. Link to post Share on other sites More sharing options...
JeanInMontana Posted January 24, 2008 ID:12317 Share Posted January 24, 2008 Because there has been no reply I will close this topic to prevent others from posting in it. Note: the fixes in this topic are for this system only. Applying them to your system can cause severe damage and result in utter system failure. If you need help start your own topic and someone will be happy to assist you. Link to post Share on other sites More sharing options...
Recommended Posts