
18 Posts

July 3rd, 2006 18:00

runsrv32 Virus

This is a copy of my smitfraudfix.cmd log file....
SmitFraudFix v2.67
Scan done at 14:29:46.51, Mon 07/03/2006
Run from C:\Documents and Settings\krishanarjun\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
C:\WINDOWS\adware-sheriff-box.gif FOUND !
C:\WINDOWS\adware-sheriff-header.gif FOUND !
C:\WINDOWS\alexaie.dll FOUND !
C:\WINDOWS\alxie328.dll FOUND !
C:\WINDOWS\alxtb1.dll FOUND !
C:\WINDOWS\antispylab-logo.gif FOUND !
C:\WINDOWS\about_spyware_bg.gif FOUND !
C:\WINDOWS\about_spyware_bottom.gif FOUND !
C:\WINDOWS\as.gif FOUND !
C:\WINDOWS\as_header.gif FOUND !
C:\WINDOWS\bg.gif FOUND !
C:\WINDOWS\blue-bg.gif FOUND !
C:\WINDOWS\box_1.gif FOUND !
C:\WINDOWS\box_2.gif FOUND !
C:\WINDOWS\box_3.gif FOUND !
C:\WINDOWS\BTGrab.dll FOUND !
C:\WINDOWS\button_buynow.gif FOUND !
C:\WINDOWS\button_freescan.gif FOUND !
C:\WINDOWS\buy-now-btn.gif FOUND !
C:\WINDOWS\close-bar.gif FOUND !
C:\WINDOWS\corner-left.gif FOUND !
C:\WINDOWS\corner-right.gif FOUND !
C:\WINDOWS\dlmax.dll FOUND !
C:\WINDOWS\download_box.gif FOUND !
C:\WINDOWS\facts.gif FOUND !
C:\WINDOWS\features.gif FOUND !
C:\WINDOWS\footer.giff FOUND !
C:\WINDOWS\footer_back.gif FOUND !
C:\WINDOWS\footer_back.jpg FOUND !
C:\WINDOWS\free-scan-btn.gif FOUND !
C:\WINDOWS\h-line-gradient.gif FOUND !
C:\WINDOWS\header_1.gif FOUND !
C:\WINDOWS\header_2.gif FOUND !
C:\WINDOWS\header_3.gif FOUND !
C:\WINDOWS\header_4.gif FOUND !
C:\WINDOWS\header-bg.gif FOUND !
C:\WINDOWS\infected.gif FOUND !
C:\WINDOWS\info.gif FOUND !
C:\WINDOWS\main_back.gif FOUND !
C:\WINDOWS\no-icon.gif FOUND !
C:\WINDOWS\Pynix.dll FOUND !
C:\WINDOWS\reg-freeze-box.gif FOUND !
C:\WINDOWS\reg-freeze-header.gif FOUND !
C:\WINDOWS\remove-spyware-btn.gif FOUND !
C:\WINDOWS\rf.gif FOUND !
C:\WINDOWS\rf_header.gif FOUND !
C:\WINDOWS\scan_btn.gif FOUND !
C:\WINDOWS\security-center-bg.gif FOUND !
C:\WINDOWS\security-center-logo.gif FOUND !
C:\WINDOWS\security_center_caption.gif FOUND !
C:\WINDOWS\sep_hor.gif FOUND !
C:\WINDOWS\sep_vert.gif FOUND !
C:\WINDOWS\spacer.gif FOUND !
C:\WINDOWS\spyware-detected.gif FOUND !
C:\WINDOWS\spyware-sheriff-header.gif FOUND !
C:\WINDOWS\spyware-sheriff-box.gif FOUND !
C:\WINDOWS\star.gif FOUND !
C:\WINDOWS\star-grey.gif FOUND !
C:\WINDOWS\star_gray.gif FOUND !
C:\WINDOWS\star_gray_small.gif FOUND !
C:\WINDOWS\star_small.gif FOUND !
C:\WINDOWS\susp.exe FOUND !
C:\WINDOWS\true-stories.gif FOUND !
C:\WINDOWS\ts.gif FOUND !
C:\WINDOWS\ts_header.gif FOUND !
C:\WINDOWS\v.gif FOUND !
C:\WINDOWS\warning_icon.gif FOUND !
C:\WINDOWS\warning-bar-ico.gif FOUND !
C:\WINDOWS\win_logo.gif FOUND !
C:\WINDOWS\win-sec-center-logo.gif FOUND !
C:\WINDOWS\windows-compatible.gif FOUND !
C:\WINDOWS\x.gif FOUND !
C:\WINDOWS\yes-icon.gif FOUND !
C:\WINDOWS\ZServ.dll FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\a.exe FOUND !
C:\WINDOWS\system32\adobepnl.dll FOUND !
C:\WINDOWS\system32\alxres.dll FOUND !
C:\WINDOWS\system32\bridge.dll FOUND !
C:\WINDOWS\system32\dailytoolbar.dll FOUND !
C:\WINDOWS\system32\exuc32.tmp FOUND !
C:\WINDOWS\system32\jao.dll FOUND !
C:\WINDOWS\system32\parad.raw.exe FOUND !
C:\WINDOWS\system32\qjrkvy.exe FOUND !
C:\WINDOWS\system32\questmod.dll FOUND !
C:\WINDOWS\system32\runsrv32.dll FOUND !
C:\WINDOWS\system32\runsrv32.exe FOUND !
C:\WINDOWS\system32\taskdir.dll FOUND !
C:\WINDOWS\system32\taskdir.exe FOUND !
C:\WINDOWS\system32\tcpservice2.exe FOUND !
C:\WINDOWS\system32\thlwin32.dll FOUND !
C:\WINDOWS\system32\txfdb32.dll FOUND !
C:\WINDOWS\system32\udpmod.dll  FOUND !
C:\WINDOWS\system32\users32.exe FOUND !
C:\WINDOWS\system32\winbl32.dll  FOUND !
C:\WINDOWS\system32\winflash.dll FOUND !
C:\WINDOWS\system32\winsrv32.exe FOUND !
C:\WINDOWS\system32\wstart.dll FOUND !
C:\WINDOWS\system32\zlbw.dll FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\krishanarjun\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\TitanShield Antispyware FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\KRISHA~1\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\TitanShield Antispyware\ FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"=" http://www.parascope.com/articles/0697/area51.jpg"
"SubscribedURL"=" http://www.parascope.com/articles/0697/area51.jpg"
"FriendlyName"=""
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"=" http://www.ufomind.com/area51/photos/charles_ames/ames_sign_cu.jpg"
"SubscribedURL"=" http://www.ufomind.com/area51/photos/charles_ames/ames_sign_cu.jpg"
"FriendlyName"=""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"=" http://www.ufomind.com/area51/logobig.jpg"
"SubscribedURL"=" http://www.ufomind.com/area51/logobig.jpg"
"FriendlyName"=""
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End
 
 
 
And the HijackThis log file......
 
Logfile of HijackThis v1.99.1
Scan saved at 2:57:43 PM, on 7/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\users32.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\krishanarjun\Desktop\HijackThis.exe
C:\WINDOWS\notepad.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://search.microsoft.com/
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://search.microsoft.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.microsoft.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.microsoft.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchv.com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://findloss.com/srchasst.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=explorer.exe                                                                                                    "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll (file missing)
O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)
O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (no file)
O2 - BHO: adobepnl.ADOBE_PANEL - {A40D9D65-5C09-421A-AFF8-2160D7ABD4E7} - C:\WINDOWS\system32\adobepnl.dll
O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file)
O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [MPFEXE] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [DeInst.exe] C:\Documents and Settings\krishanarjun\My Documents\deinst.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125628149203
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125628106109
O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
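As an added example (not code from the thread, from HijackThis or from SmitFraudFix), the script below cross-checks a HijackThis log against the SmitFraudFix "FOUND !" list and flags the entry types that the two logs above show being abused: R1 search settings redirected off Microsoft's hosts, the F2 Shell= value padded with whitespace to hide a second executable, orphaned O2 BHOs, O4 Run entries and O10 Winsock LSP modules. The trusted-host allow-list and both log excerpts are constructed for the example from lines posted in this thread.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Hosts a stock IE 6 search setting legitimately points at (our own allow-list,
# not anything HijackThis ships).
TRUSTED_SEARCH_HOSTS = {"search.microsoft.com", "www.microsoft.com"}
SMITFRAUD_FOUND = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)\s+FOUND !\s*$")
HJT_ENTRY = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<body>.*)$")
WIN_PATH = re.compile(r'[A-Za-z]:\\[^"]+?\.(?:exe|dll|ocx)', re.I)

@dataclass(frozen=True)
class Finding:
    code: str    # HijackThis section, e.g. "O4"
    reason: str
    line: str

def parse_smitfraudfix(text: str) -> set[str]:
    """Collect every path SmitFraudFix marked 'FOUND !', lower-cased for matching."""
    found = set()
    for raw in text.splitlines():
        m = SMITFRAUD_FOUND.match(raw.strip())
        if m:
            found.add(m.group("path").rstrip("\\").lower())
    return found

def triage_line(line: str, found: set[str]) -> Finding | None:
    """Return a Finding when one HijackThis line looks hijacked, else None."""
    m = HJT_ENTRY.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    if code == "R1":
        # Search assistant / default search URL redirected off the vendor hosts.
        h = re.match(r"^[a-z]+://([^/:?#]+)", body.partition(" = ")[2].strip(), re.I)
        if h and h.group(1).lower() not in TRUSTED_SEARCH_HOSTS:
            return Finding(code, f"search setting points at {h.group(1).lower()}", line)
    elif code == "F2" and "Shell=" in body:
        # system.ini Shell= should be exactly explorer.exe. A long run of spaces and
        # then a second path pushes the real payload out of sight in the narrow ini
        # editor box, which is what the F2 line in the thread shows.
        parts = re.split(r"\s{2,}", body.split("Shell=", 1)[1].strip(), maxsplit=1)
        if len(parts) == 2 and parts[0].lower() == "explorer.exe":
            hidden = parts[1].strip('"')
            return Finding(code, f"Shell= hides a second executable: {hidden}", line)
    elif code == "O2" and "(no name)" in body and body.endswith("(no file)"):
        # Orphaned BHO registration: no description and no file on disk.
        return Finding(code, "unnamed BHO with no backing file", line)
    elif code == "O10" and body.startswith("Unknown file in Winsock LSP"):
        # HijackThis itself could not attribute the LSP module to a vendor.
        return Finding(code, "unknown Winsock LSP module", line)
    # Cross-reference image paths against SmitFraudFix hits: an exact path match is
    # strong; a bare file-name match (same name, another directory) is weaker but
    # catches the thread's system32\susp.exe beside the flagged C:\WINDOWS\susp.exe.
    found_names = {p.rsplit("\\", 1)[-1] for p in found}
    for path in WIN_PATH.findall(body):
        if path.lower() in found:
            return Finding(code, f"{path} was flagged FOUND by SmitFraudFix", line)
        if path.rsplit("\\", 1)[-1].lower() in found_names:
            return Finding(code, f"{path} shares its file name with a SmitFraudFix hit", line)
    return None

def triage(hjt_text: str, found: set[str]) -> list[Finding]:
    """Triage a whole HijackThis log; repeated lines collapse to one finding."""
    seen: set[Finding] = set()
    out: list[Finding] = []
    for raw in hjt_text.splitlines():
        f = triage_line(raw, found)
        if f and f not in seen:
            seen.add(f)
            out.append(f)
    return out

# Constructed excerpts of the two logs posted above (a few lines of each).
SMITFRAUDFIX_EXCERPT = r"""
C:\WINDOWS\susp.exe FOUND !
C:\WINDOWS\ZServ.dll FOUND !
C:\WINDOWS\system32\adobepnl.dll FOUND !
C:\WINDOWS\system32\runsrv32.exe FOUND !
C:\WINDOWS\system32\users32.exe FOUND !
"""
HJT_EXCERPT = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://search.microsoft.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchv.com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://findloss.com/srchasst.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: Shell=explorer.exe                                        "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
O2 - BHO: adobepnl.ADOBE_PANEL - {A40D9D65-5C09-421A-AFF8-2160D7ABD4E7} - C:\WINDOWS\system32\adobepnl.dll
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
"""

if __name__ == "__main__":
    for f in triage(HJT_EXCERPT, parse_smitfraudfix(SMITFRAUDFIX_EXCERPT)):
        print(f"{f.code:<4} {f.reason}")
```

Entries with a legitimate vendor path (the McAfee Run key, the O23 services) produce no finding, so on the full log above the output is the short list a helper would actually act on.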
 

4 Apprentice

20.5K Posts

July 3rd, 2006 18:00

Taken007,
I do declare your computer will be giving a sigh of relief when this one is over!
Please print out or copy these instructions/tutorial to Notepad, as the internet will not be available to you (while in Safe Mode) at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

If you have not done so already, Download ewido anti-spyware from HERE and save that file to your desktop.
This is a 30-day trial of the program.

  1. Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
  2. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'
  3. Right click on ewido in the system tray and uncheck "Start with Windows".
    Go to Start > Run and type: services.msc
  4. Press "OK".
  5. In Services, click the "Extended tab" and scroll down the list to find ewido anti-spyware 4.0 guard.
  6. When you find the guard service, double-click on it.
  7. In the Properties Window > General Tab that opens, click the "Stop" button.
  8. From the drop-down menu next to "Startup Type", click on "Manual".
  9. Now click "Apply", then "OK" and close the Services window.
  10. Once the setup is complete you will need to run ewido and update the definition files.
  11. On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    • If you are having problems with the updater, manually update with the Ewido Full database installer from here.
    • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
    • Under "Reports"
      • Select "Automatically generate report after every scan"
      • Un-Select "Only if threats were found"
      • Close ewido anti-spyware, Do Not run a scan just yet.

        Reboot your computer in Safe Mode.

        * If the computer is running, shut down Windows, and then turn off the power.
        * Wait 30 seconds, and then turn the computer on.
        * Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
        * Ensure that the Safe Mode option is selected.
        * Press Enter. The computer then begins to start in Safe mode.
        * Login on your usual account.

        ______________________________

        Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
        Select option #2 - Clean by typing 2 and press Enter.
        Wait for the tool to complete and disk cleanup to finish.
        You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
        The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

        A reboot may be needed to finish the cleaning process, if your computer does not restart automatically please do it yourself manually. Reboot in Safe Mode.

        The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
        ______________________________

        Clean out your Temporary Internet files. Proceed like this:

        * Quit Internet Explorer and quit any instances of Windows Explorer.
        * Click Start, click Control Panel, and then double-click Internet Options.
        * On the General tab, click Delete Files under Temporary Internet Files.
        * In the Delete Files dialog box, tick the Delete all offline content check box , and then click OK.
        * On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
        * Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
        * Click OK.

        Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.

        Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.
        ______________________________

        Close ALL open Windows / Programs / Folders.

        Launch ewido-anti-spyware by double-clicking the icon on your desktop.
        Select the "Scanner" icon at the top and then the "Scan" tab, then click on "Complete System Scan".
        ewido will now begin the scanning process; be patient, this may take a little time.
        Once the scan is complete do the following:

        If you have any infections you will be prompted, then select "Apply all actions".
        Next select the "Reports" icon at the top.
        Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
        Close ewido and reboot your system back into Normal Mode.

        Please post:

        1. c:\rapport.txt
        2. Ewido report
        3. A new HijackThis log
        Let me know how things are running.

18 Posts

July 3rd, 2006 18:00

Sorry, I forgot to mention what kind of problem I'm having.

When I start my computer, C:\windows\system32\runsrv32.exe runs on my desktop, and before I can close it, it goes away. And when I also try to run the McAfee software, it gives me an error and doesn't run the scan.

I also tried to run a scan from this website.....

and before it finished scanning, my Internet Explorer closed by itself.

Also, an ad message pops up, and when I close the pop-up, another pop-up goes to the http://protectmypc.net/ URL.

Now I don't know what to do.

Thanks.

18 Posts

July 3rd, 2006 19:00

Question please......

After the step "Deleting temporary Internet files", should I do the next step in Safe Mode or regular mode?

Thanks for the help.

       

18 Posts

July 3rd, 2006 22:00

SmitFraudFix v2.67
Scan done at 17:15:16.50, Mon 07/03/2006
Run from C:\Documents and Settings\krishanarjun\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

18 Posts

July 3rd, 2006 22:00

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
 + Created at: 6:56:25 PM 7/3/2006
 + Scan result: 

HKLM\SOFTWARE\Classes\PopOops2.PopOops -> Adware.AdDestroyer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\PopOops2.PopOops\Clsid -> Adware.AdDestroyer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\SWLAD1.SWLAD -> Adware.AdDestroyer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\SWLAD1.SWLAD\Clsid -> Adware.AdDestroyer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Alexa Internet -> Adware.Alexa : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\AlxTB.BHO -> Adware.Alexa : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\PopMenu.Menu -> Adware.Alexa : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Popup.PopupKiller -> Adware.Alexa : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\BO2802040113.dll -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\in4bdlA.dll -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\turbo.inf -> Adware.BetterInternet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Bridge.brdg -> Adware.BlazeFind : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WindowsSB.Band -> Adware.BlazeFind : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WindowsSB.Band.1 -> Adware.BlazeFind : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WindowsSB.Band\CLSID -> Adware.BlazeFind : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WindowsSB.Band\CurVer -> Adware.BlazeFind : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WindowsSB.EventHandler -> Adware.BlazeFind : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WindowsSB.EventHandler.1 -> Adware.BlazeFind : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WindowsSB.EventHandler\CLSID -> Adware.BlazeFind : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WindowsSB.EventHandler\CurVer -> Adware.BlazeFind : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\jao.jao -> Adware.BlazeFind : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32 -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ADBN1.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ADVC5.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ADVCTX2.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\ASIWS3.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\AUTOS1.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\BID1.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\BingoRoom1.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\CARD2.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\CARS3.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\CASH2.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\DATE3.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\DEBT1.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\DENT1.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\EML1.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\EXPE2.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\FAST1.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\FINC3.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\FINC4.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\FLWR1.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\FMND1.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\HEAL3.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\HOMES3.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\INK1.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\INSUR4.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\JOBS3.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\MORT1.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\MOVS1.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\NEWS1.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\OPPR2.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\SHOP1.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\SPZ3.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\TECH1.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\TMP1.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\TV1.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\UTONE1.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\VENUE1.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\WOMEN1.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bsx32\XTFL2.bsx -> Adware.BookedSpace : Cleaned with backup (quarantined).
HKLM\SOFTWARE\RVP -> Adware.BroadCastPC : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\cdsync.dll -> Adware.Couponage : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\AppID\DailyToolbar.DLL -> Adware.DailyToolbar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\DailyToolbar.IEBand -> Adware.DailyToolbar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\DailyToolbar.SysMgr -> Adware.DailyToolbar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\IEToolbar.AffiliateCtl -> Adware.DailyToolbar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\DailyToolbar -> Adware.DailyToolbar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\NIX Solutions -> Adware.DailyToolbar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\NIX Solutions\DailyToolbar -> Adware.DailyToolbar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\DelFin -> Adware.Delfin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\DelFin\PromulGate -> Adware.Delfin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DelFin Media Viewer -> Adware.Delfin : Cleaned with backup (quarantined).
HKU\S-1-5-21-2018322775-2243138800-104724495-1006\Software\DelFin -> Adware.Delfin : Cleaned with backup (quarantined).
HKU\S-1-5-21-2018322775-2243138800-104724495-1006\Software\DelFin\PromulGate -> Adware.Delfin : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1023\A0193287.exe -> Adware.DelphinMediaViewer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1023\A0193288.DLL -> Adware.DelphinMediaViewer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1022\A0192744.dll -> Adware.DlMax : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1084\A0204663.dll -> Adware.DlMax : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1084\A0204613.dll -> Adware.F1Organizer : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\fswinst.ocx -> Adware.FreeScratch : Cleaned with backup (quarantined).
C:\Program Files\FSW -> Adware.FreeScratchAndWin : Cleaned with backup (quarantined).
C:\Program Files\Common Files\CMEII\CMEIIAPI.dll -> Adware.Gator : Cleaned with backup (quarantined).
C:\Program Files\Common Files\CMEII\CMEUpd.exe -> Adware.Gator : Cleaned with backup (quarantined).
C:\Program Files\Common Files\CMEII\GController.dll -> Adware.Gator : Cleaned with backup (quarantined).
C:\Program Files\Common Files\CMEII\GDwldEng.dll -> Adware.Gator : Cleaned with backup (quarantined).
C:\Program Files\Common Files\CMEII\GFormCTM.dll -> Adware.Gator : Cleaned with backup (quarantined).
C:\Program Files\Common Files\CMEII\GIoclClient.dll -> Adware.Gator : Cleaned with backup (quarantined).
C:\Program Files\Common Files\CMEII\GSvcMgr.dll -> Adware.Gator : Cleaned with backup (quarantined).
C:\Program Files\Common Files\CMEII\GSvcSAP.dll -> Adware.Gator : Cleaned with backup (quarantined).
C:\Program Files\Common Files\GMT\EGIEProcess.dll -> Adware.Gator : Cleaned with backup (quarantined).
C:\Program Files\Common Files\GMT\GUninstaller.exe -> Adware.Gator : Cleaned with backup (quarantined).
C:\Program Files\Common Files\GMT\GatorStubSetup.exe -> Adware.Gator : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HDPlugin1018.dll -> Adware.Gator : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\HDPlugin1018.dll -> Adware.Gator : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\HDPlugin1018.dll -> Adware.Gator : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\HDPlugin1018.dll -> Adware.Gator : Cleaned with backup (quarantined).
C:\Program Files\IncrediFind -> Adware.Incredifind : Cleaned with backup (quarantined).
C:\Program Files\IncrediFind\BHO -> Adware.Incredifind : Cleaned with backup (quarantined).
C:\Program Files\IncrediFind\BHO\date.txt -> Adware.Incredifind : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKU\S-1-5-21-2018322775-2243138800-104724495-1006\Software\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKU\S-1-5-21-2018322775-2243138800-104724495-1006\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup (quarantined).

4 Apprentice

20.5K Posts

July 3rd, 2006 22:00

Stay in Safe Mode until you see this line at the end:
Close ewido and reboot your system back into Normal Mode.

If you did not do that, please go back and run ewido in Safe Mode. In your next post, please include all ewido logs and a new HijackThis log. Thanks.

18 Posts

July 3rd, 2006 22:00

This is the continuation of the Ewido report........

HKU\S-1-5-21-2018322775-2243138800-104724495-1006\Software\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\msnimk.gif -> Adware.Ipend : Cleaned with backup (quarantined).
C:\WINDOWS\isrvs\isearch.xpi/chrome/isearch.jar/content/isearch/isearch.js -> Adware.ISearch : Cleaned with backup (quarantined).
C:\Program Files\ISTsvc -> Adware.ISTBar : Cleaned with backup (quarantined).
C:\Program Files\ISTsvc\istsvc.exe -> Adware.ISTBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\ISTsvc -> Adware.ISTBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\ISTsvc\history -> Adware.ISTBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTsvc -> Adware.ISTBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2018322775-2243138800-104724495-1006\Software\IST -> Adware.ISTBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\PerfectNav -> Adware.KeenValue : Cleaned with backup (quarantined).
HKU\S-1-5-21-2018322775-2243138800-104724495-1006\Software\Updater -> Adware.KeenValue : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\guard.tmp -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\FREE_ADULT_PLUGIN.EXE -> Adware.Lop : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\FREE_ADULT_PLUGIN.EXE -> Adware.Lop : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\mp3.exe -> Adware.Lop : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Proto.handler -> Adware.LOP : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Proto.handler.1 -> Adware.LOP : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Proto.handler\CLSID -> Adware.LOP : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Proto.handler\CurVer -> Adware.LOP : Cleaned with backup (quarantined).
HKU\S-1-5-21-2018322775-2243138800-104724495-1006\Software\masterbar -> Adware.MasterBar : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MediaTicketsInstaller.ocx -> Adware.MediaTickets : Cleaned with backup (quarantined).
      C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx -> Adware.MediaTickets : Cleaned with backup (quarantined).
      C:\Program Files\WebSavingsfromEbates -> Adware.MoneyMaker : Cleaned with backup (quarantined).
      C:\Program Files\WebSavingsfromEbates\Applications -> Adware.MoneyMaker : Cleaned with backup (quarantined).
      C:\Program Files\WebSavingsfromEbates\System -> Adware.MoneyMaker : Cleaned with backup (quarantined).
      C:\Program Files\WebSavingsfromEbates\System\Code -> Adware.MoneyMaker : Cleaned with backup (quarantined).
      C:\Program Files\WebSavingsfromEbates\System\Html -> Adware.MoneyMaker : Cleaned with backup (quarantined).
      C:\Program Files\WebSavingsfromEbates\System\Images -> Adware.MoneyMaker : Cleaned with backup (quarantined).
      C:\Program Files\WebSavingsfromEbates\System\System -> Adware.MoneyMaker : Cleaned with backup (quarantined).
      C:\Program Files\WebSavingsfromEbates\WebSavingsfromEbates.inf -> Adware.MoneyMaker : Cleaned with backup (quarantined).
      C:\Program Files\NewDotNet(2)\newdotnet4_80(2).dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
      C:\Program Files\NewDotNet(4)\newdotnet4_80(2).dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
      C:\WINDOWS\NDNuninstall4_34.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
      C:\WINDOWS\NDNuninstall4_50.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
      C:\WINDOWS\NDNuninstall4_80.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
      HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WhenUSave -> Adware.SaveNow : Cleaned with backup (quarantined).
      C:\WINDOWS\Downloaded Program Files\webdlg32.dll -> Adware.SBSoft : Cleaned with backup (quarantined).
      HKLM\SOFTWARE\Classes\SWRT01.RT -> Adware.SecondThought : Cleaned with backup (quarantined).
      HKLM\SOFTWARE\Classes\SWRT01.RT\Clsid -> Adware.SecondThought : Cleaned with backup (quarantined).
      C:\Program Files\SurfAccuracy -> Adware.SurfAccuracy : Cleaned with backup (quarantined).
      C:\Program Files\SurfAccuracy\diff.cfg.d70f373c3b675e4ba0176f0fd66a75bb.a2ae7c33b29519fb989c504778933258 -> Adware.SurfAccuracy : Cleaned with backup (quarantined).
      C:\WINDOWS\SYSTEM32\SWRT01.dll -> Adware.VirtualBouncer : Cleaned with backup (quarantined).
      HKLM\SOFTWARE\RespondMiter -> Adware.VX2 : Cleaned with backup (quarantined).
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\websearch_ipinsight.xml -> Adware.WebSearch : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1064\A0199520.exe -> Adware.WinAD : Cleaned with backup (quarantined).
      C:\Program Files\WindowsSB\WinSB.dll -> Adware.WinSB : Cleaned with backup (quarantined).
      C:\Program Files\YourSiteBar -> Adware.YourSiteBar : Cleaned with backup (quarantined).
      C:\Program Files\YourSiteBar\imagemap_normal.bmp -> Adware.YourSiteBar : Cleaned with backup (quarantined).
      C:\Program Files\YourSiteBar\imagemap_over.bmp -> Adware.YourSiteBar : Cleaned with backup (quarantined).
      C:\Program Files\YourSiteBar\version.txt -> Adware.YourSiteBar : Cleaned with backup (quarantined).
      C:\Program Files\YourSiteBar\yoursitebar.xml -> Adware.YourSiteBar : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1017\A0192482.dll -> Backdoor.Haxdoor.in : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1017\A0192635.dll -> Backdoor.Haxdoor.in : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1023\A0193239.dll -> Backdoor.Haxdoor.in : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1017\A0192480.sys -> Backdoor.Haxdoor.ir : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1017\A0192481.sys -> Backdoor.Haxdoor.ir : Cleaned with backup (quarantined).
      C:\WINDOWS\SYSTEM32\netpe32.dll -> Dialer.EGroup.f : Cleaned with backup (quarantined).
      C:\WINDOWS\Downloaded Program Files\CONFLICT.2\mp3search.exe -> Dialer.Generic : Cleaned with backup (quarantined).
      C:\WINDOWS\Downloaded Program Files\mp3search.exe -> Dialer.Generic : Cleaned with backup (quarantined).
      HKLM\SOFTWARE\Classes\EGHTMLDialer.HTMLDialer -> Dialer.Generic : Cleaned with backup (quarantined).
      HKLM\SOFTWARE\Classes\EGHTMLDialer.HTMLDialer.1 -> Dialer.Generic : Cleaned with backup (quarantined).
      HKLM\SOFTWARE\Classes\EGHTMLDialer.HTMLDialer\CLSID -> Dialer.Generic : Cleaned with backup (quarantined).
      HKLM\SOFTWARE\Classes\EGHTMLDialer.HTMLDialer\CurVer -> Dialer.Generic : Cleaned with backup (quarantined).
      C:\WINDOWS\iedisco.exe -> Dialer.Minidial.a : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1023\A0192777.exe -> Downloader.Adload.aq : Cleaned with backup (quarantined).
      C:\WINDOWS\SYSTEM32\cdlsp.dll -> Downloader.Agent.br : Cleaned with backup (quarantined).
      C:\WINDOWS\Downloaded Program Files\DS3.dll -> Downloader.Agent.jt : Cleaned with backup (quarantined).
      C:\WINDOWS\nem220.dll -> Downloader.Dyfuca : Cleaned with backup (quarantined).
      C:\WINDOWS\Downloaded Program Files\CONFLICT.10\ISTactivex.dll -> Downloader.IstBar : Cleaned with backup (quarantined).
      C:\WINDOWS\Downloaded Program Files\CONFLICT.11\ISTactivex.dll -> Downloader.IstBar : Cleaned with backup (quarantined).
      C:\WINDOWS\Downloaded Program Files\CONFLICT.12\ISTactivex.dll -> Downloader.IstBar : Cleaned with backup (quarantined).
      C:\WINDOWS\Downloaded Program Files\CONFLICT.1\ISTactivex.dll -> Downloader.IstBar : Cleaned with backup (quarantined).
      C:\WINDOWS\Downloaded Program Files\CONFLICT.2\ISTactivex.dll -> Downloader.IstBar : Cleaned with backup (quarantined).
      C:\WINDOWS\Downloaded Program Files\CONFLICT.3\ISTactivex.dll -> Downloader.IstBar : Cleaned with backup (quarantined).
      C:\WINDOWS\Downloaded Program Files\CONFLICT.4\ISTactivex.dll -> Downloader.IstBar : Cleaned with backup (quarantined).
      C:\WINDOWS\Downloaded Program Files\CONFLICT.5\ISTactivex.dll -> Downloader.IstBar : Cleaned with backup (quarantined).
      C:\WINDOWS\Downloaded Program Files\CONFLICT.6\ISTactivex.dll -> Downloader.IstBar : Cleaned with backup (quarantined).
      C:\WINDOWS\Downloaded Program Files\CONFLICT.7\ISTactivex.dll -> Downloader.IstBar : Cleaned with backup (quarantined).
      C:\WINDOWS\Downloaded Program Files\CONFLICT.8\ISTactivex.dll -> Downloader.IstBar : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1023\A0193283.exe -> Downloader.IstBar.ij : Cleaned with backup (quarantined).
      C:\Program Files\KaZaA\PerfectNavUninstall.exe -> Downloader.Keenval.e : Cleaned with backup (quarantined).
      C:\WINDOWS\Downloaded Program Files\QDow.dll -> Downloader.QDown.d : Cleaned with backup (quarantined).
      C:\WINDOWS\SYSTEM32\voblaizdupla.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
      C:\23100247.exe -> Downloader.Small.cxx : Cleaned with backup (quarantined).
      C:\WINDOWS\SYSTEM32\ptvlryjk.exe -> Downloader.Small.dbx : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1023\A0192775.dll -> Downloader.VB.aan : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1023\A0192778.exe -> Downloader.VB.aan : Cleaned with backup (quarantined).
      C:\WINDOWS\SYSTEM32\tdzzikfu.exe -> Downloader.VB.aan : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1083\A0204570.exe -> Downloader.VB.afr : Cleaned with backup (quarantined).
      C:\WINDOWS\SYSTEM32\lqvadnot.exe -> Downloader.VB.afr : Cleaned with backup (quarantined).
      C:\WINDOWS\SYSTEM32\EGHTMLDialer.dll -> Downloader.Wintrim.n : Cleaned with backup (quarantined).
      C:\WINDOWS\SYSTEM32\ieaccess2.dll -> Downloader.Wintrim.q : Cleaned with backup (quarantined).
      C:\WINDOWS\SYSTEM32\winupd.exe -> Dropper.Small.ig : Cleaned with backup (quarantined).
      HKLM\SOFTWARE\Classes\CLSID\{E52DEDBB-D168-4BDB-B229-C48160800E81} -> Hijacker.Generic : Cleaned with backup (quarantined).
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e52dedbb-d168-4bdb-b229-c48160800e81} -> Hijacker.Generic : Cleaned with backup (quarantined).
      HKU\S-1-5-21-2018322775-2243138800-104724495-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E52DEDBB-D168-4BDB-B229-C48160800E81} -> Hijacker.Generic : Cleaned with backup (quarantined).
      C:\WINDOWS\browser.exe -> Hijacker.Small : Cleaned with backup (quarantined).
      C:\WINDOWS\hh.htt -> Hijacker.Small : Cleaned with backup (quarantined).
      C:\WINDOWS\SYSTEM32\mseggo.gif -> Logger.Delf.dx : Cleaned with backup (quarantined).
      C:\WINDOWS\ISNSYS.dll -> Logger.Justin : Cleaned with backup (quarantined).
      C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.Downloader.Win32.PopCap.a : Cleaned with backup (quarantined).

      18 Posts

      July 3rd, 2006 22:00

      Logfile of HijackThis v1.99.1
      Scan saved at 7:11:38 PM, on 7/3/2006
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\devldr32.exe
      C:\WINDOWS\explorer.exe
      C:\PROGRA~1\mcafee.com\agent\McAgent.exe
      C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
      C:\WINDOWS\System32\drivers\CDAC11BA.EXE
      C:\WINDOWS\System32\CTsvcCDA.EXE
      c:\program files\mcafee.com\agent\mcdetect.exe
      c:\PROGRA~1\mcafee.com\vso\mcshield.exe
      C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
      c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
      C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
      C:\WINDOWS\System32\nvsvc32.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\MsPMSPSv.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
      C:\Documents and Settings\krishanarjun\Desktop\HijackThis.exe
      C:\WINDOWS\notepad.exe
      R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://search.microsoft.com/
      R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://search.microsoft.com/
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.microsoft.com/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchv.com/search.html
      R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://findloss.com/srchasst.html
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
      F2 - REG:system.ini: Shell=explorer.exe                                                                                                    "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
      O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
      O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
      O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)
      O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll (file missing)
      O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
      O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
      O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
      O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)
      O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
      O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (no file)
      O2 - BHO: adobepnl.ADOBE_PANEL - {A40D9D65-5C09-421A-AFF8-2160D7ABD4E7} - C:\WINDOWS\system32\adobepnl.dll (file missing)
      O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file)
      O3 - Toolbar: Windows Search Bar - {A1DD937D-71E1-4BB5-BD5D-1B01B9CB1C2F} - C:\PROGRA~1\WIACA5~1\WinSB.dll (file missing)
      O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
      O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
      O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
      O4 - HKLM\..\Run: [MPFEXE] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
      O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
      O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
      O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe
      O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\system32\taskdir.exe
      O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
      O4 - HKCU\..\Run: [DeInst.exe] C:\Documents and Settings\krishanarjun\My Documents\deinst.exe
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
      O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
      O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
      O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
      O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
      O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
      O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125628149203
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125628106109
      O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -
      O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
      O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
      O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
      O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
      O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
      O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
      O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
      O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

      18 Posts

      July 3rd, 2006 22:00

Things are running fine right now.

In the Ewido report, two items were not quarantined:

      [796] C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll -> Trojan.Sinowal.aa : Error during cleaning.
      [808] C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll -> Trojan.Sinowal.aa : Error during cleaning.

Are these viruses?

Thank you very much for everybody's help.

      18 Posts

      July 3rd, 2006 22:00

This is a continuation of the Ewido report...

      C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1083\A0204569.exe -> Not-A-Virus.Hoax.Win32.Renos.dk : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1084\A0204683.exe -> Not-A-Virus.Hoax.Win32.Renos.dk : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1083\A0204543.exe -> Not-A-Virus.Hoax.Win32.Renos.dm : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1083\A0204545.dll -> Not-A-Virus.Hoax.Win32.Renos.dm : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1083\A0204548.dll -> Not-A-Virus.Hoax.Win32.Renos.dm : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1084\A0204622.exe -> Not-A-Virus.Hoax.Win32.Renos.dm : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1084\A0204634.exe -> Not-A-Virus.Hoax.Win32.Renos.dm : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1084\A0204643.exe -> Not-A-Virus.Hoax.Win32.Renos.dm : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1084\A0204652.exe -> Not-A-Virus.Hoax.Win32.Renos.dm : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1084\A0204668.dll -> Not-A-Virus.Hoax.Win32.Renos.dm : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1084\A0204674.exe -> Not-A-Virus.Hoax.Win32.Renos.dm : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1084\A0204685.dll -> Not-A-Virus.Hoax.Win32.Renos.dm : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1023\A0192754.exe -> Not-A-Virus.Hoax.Win32.VB.l : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1023\A0192776.dll -> Not-A-Virus.Hoax.Win32.VB.l : Cleaned with backup (quarantined).
      C:\Program Files\WebSiteViewer\127703.dlr -> Not-A-Virus.PornDownloader.Win32.TibSystems : Cleaned with backup (quarantined).
      C:\Program Files\RealVNC\VNC4\winvnc4.exe -> Not-A-Virus.RemoteAdmin.Win32.WinVNC.4110 : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1084\A0204655.dll -> Proxy.Lager.aq : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1084\A0204673.exe -> Proxy.Lager.at : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1084\A0204678.exe -> Proxy.Lager.at : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1003\A0178290.exe -> Proxy.Lager.aw : Cleaned with backup (quarantined).
      :mozilla.100:C:\Documents and Settings\007\Application Data\Mozilla\Firefox\Profiles\a1ytbsnj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
      :mozilla.58:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\muvmgl9v.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
      :mozilla.84:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\ca6isvu3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
      :mozilla.89:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\ca6isvu3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
      :mozilla.90:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\ca6isvu3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
      :mozilla.97:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\ca6isvu3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
      :mozilla.31:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\ca6isvu3.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
      :mozilla.17:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\ca6isvu3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
      :mozilla.18:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\ca6isvu3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
      :mozilla.20:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\ca6isvu3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
      :mozilla.21:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\ca6isvu3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
      :mozilla.30:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\muvmgl9v.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
      :mozilla.31:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\muvmgl9v.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
      :mozilla.32:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\muvmgl9v.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
      :mozilla.69:C:\Documents and Settings\007\Application Data\Mozilla\Firefox\Profiles\a1ytbsnj.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
      :mozilla.77:C:\Documents and Settings\007\Application Data\Mozilla\Firefox\Profiles\a1ytbsnj.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
      :mozilla.78:C:\Documents and Settings\007\Application Data\Mozilla\Firefox\Profiles\a1ytbsnj.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
      :mozilla.79:C:\Documents and Settings\007\Application Data\Mozilla\Firefox\Profiles\a1ytbsnj.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
      :mozilla.80:C:\Documents and Settings\007\Application Data\Mozilla\Firefox\Profiles\a1ytbsnj.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
      :mozilla.81:C:\Documents and Settings\007\Application Data\Mozilla\Firefox\Profiles\a1ytbsnj.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
      :mozilla.102:C:\Documents and Settings\007\Application Data\Mozilla\Firefox\Profiles\a1ytbsnj.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).

      18 Posts

      July 3rd, 2006 22:00

This is a continuation of the Ewido report...
      :mozilla.96:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\muvmgl9v.Default User\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
      :mozilla.98:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\ca6isvu3.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
      :mozilla.99:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\ca6isvu3.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
      :mozilla.19:C:\Documents and Settings\007\Application Data\Mozilla\Firefox\Profiles\a1ytbsnj.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
      :mozilla.20:C:\Documents and Settings\007\Application Data\Mozilla\Firefox\Profiles\a1ytbsnj.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
      :mozilla.21:C:\Documents and Settings\007\Application Data\Mozilla\Firefox\Profiles\a1ytbsnj.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
      :mozilla.94:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\ca6isvu3.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
      :mozilla.97:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\muvmgl9v.Default User\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
      :mozilla.102:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\muvmgl9v.Default User\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
      :mozilla.103:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\muvmgl9v.Default User\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
      :mozilla.104:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\muvmgl9v.Default User\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
      :mozilla.105:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\muvmgl9v.Default User\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
      :mozilla.106:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\muvmgl9v.Default User\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
      :mozilla.107:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\muvmgl9v.Default User\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
      :mozilla.47:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\ca6isvu3.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
      :mozilla.64:C:\Documents and Settings\007\Application Data\Mozilla\Firefox\Profiles\a1ytbsnj.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
      :mozilla.17:C:\Documents and Settings\007\Application Data\Mozilla\Firefox\Profiles\a1ytbsnj.default\cookies.txt -> TrackingCookie.Xxxcounter : Cleaned with backup (quarantined).
      :mozilla.37:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\ca6isvu3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
      :mozilla.38:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\ca6isvu3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
      :mozilla.39:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\ca6isvu3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
      :mozilla.40:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\ca6isvu3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
      :mozilla.41:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\ca6isvu3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
      :mozilla.42:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\ca6isvu3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
      :mozilla.43:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\ca6isvu3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
      :mozilla.75:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\muvmgl9v.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
      :mozilla.76:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\muvmgl9v.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
      :mozilla.98:C:\Documents and Settings\007\Application Data\Mozilla\Firefox\Profiles\a1ytbsnj.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
      :mozilla.44:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\ca6isvu3.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
      :mozilla.45:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\ca6isvu3.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
      :mozilla.80:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\muvmgl9v.Default User\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
      :mozilla.81:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\muvmgl9v.Default User\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
      :mozilla.82:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\muvmgl9v.Default User\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
      C:\WINDOWS\SYSTEM32\tsvaisye.aoi -> Trojan.Agent.qe : Cleaned with backup (quarantined).
      C:\WINDOWS\Downloaded Program Files\rdgUS1882.exe -> Trojan.Dialer.ht : Cleaned with backup (quarantined).
      C:\WINDOWS\SYSTEM32\o2oService_2.dll -> Trojan.P2E.bg : Cleaned with backup (quarantined).
      C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll -> Trojan.Sinowal.aa : Cleaned with backup (quarantined).
      [796] C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll -> Trojan.Sinowal.aa : Error during cleaning.
      [808] C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll -> Trojan.Sinowal.aa : Error during cleaning.
      C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1017\A0192484.dll -> Trojan.Sinowal.m : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1017\A0192485.dll -> Trojan.Sinowal.m : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1017\A0192486.exe -> Trojan.Sinowal.m : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1004\A0178299.exe -> Trojan.Small : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1005\A0178311.exe -> Trojan.Small : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1005\A0178316.exe -> Trojan.Small : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1005\A0178321.exe -> Trojan.Small : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1006\A0178326.exe -> Trojan.Small : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1017\A0192491.exe -> Trojan.Small : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1017\A0192599.exe -> Trojan.Small : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1017\A0192613.exe -> Trojan.Small : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1023\A0193219.exe -> Trojan.Small : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1033\A0193576.exe -> Trojan.Small : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1041\A0193838.exe -> Trojan.Small : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1042\A0194267.exe -> Trojan.Small : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1042\A0194410.exe -> Trojan.Small : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1045\A0195167.exe -> Trojan.Small : Cleaned with backup (quarantined).
      C:\WINDOWS\SYSTEM32\ilsnirsr.exe -> Trojan.Small : Cleaned with backup (quarantined).
      C:\WINDOWS\SYSTEM32\jagvwroj.exe -> Trojan.Small : Cleaned with backup (quarantined).
      C:\WINDOWS\SYSTEM32\wtkotzum.exe -> Trojan.Small : Cleaned with backup (quarantined).
      C:\WINDOWS\odbs.log -> Trojan.Valg : Cleaned with backup (quarantined).
      C:\Program Files\winupdates\a.tmp -> Worm.VB.an : Cleaned with backup (quarantined).
      C:\Program Files\winupdates\a.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).

      ::Report end

      18 Posts

      July 3rd, 2006 22:00

This is the continuation of the Ewido report.......

      :mozilla.19:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\ca6isvu3.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
      :mozilla.33:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\muvmgl9v.Default User\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
      :mozilla.78:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\ca6isvu3.default\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup (quarantined).
      :mozilla.79:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\ca6isvu3.default\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup (quarantined).
      :mozilla.25:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\muvmgl9v.Default User\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
      :mozilla.26:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\muvmgl9v.Default User\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
      :mozilla.27:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\muvmgl9v.Default User\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
      :mozilla.28:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\muvmgl9v.Default User\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
      :mozilla.30:C:\Documents and Settings\007\Application Data\Mozilla\Firefox\Profiles\a1ytbsnj.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
      :mozilla.93:C:\Documents and Settings\007\Application Data\Mozilla\Firefox\Profiles\a1ytbsnj.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
      :mozilla.33:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\ca6isvu3.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
      :mozilla.85:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\muvmgl9v.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
      :mozilla.86:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\muvmgl9v.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
      :mozilla.87:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\muvmgl9v.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
      :mozilla.88:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\muvmgl9v.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
      :mozilla.90:C:\Documents and Settings\007\Application Data\Mozilla\Firefox\Profiles\a1ytbsnj.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
      :mozilla.91:C:\Documents and Settings\007\Application Data\Mozilla\Firefox\Profiles\a1ytbsnj.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
      :mozilla.104:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\ca6isvu3.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup (quarantined).
      :mozilla.99:C:\Documents and Settings\007\Application Data\Mozilla\Firefox\Profiles\a1ytbsnj.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup (quarantined).
      :mozilla.18:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\muvmgl9v.Default User\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
      :mozilla.35:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\ca6isvu3.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
      :mozilla.72:C:\Documents and Settings\007\Application Data\Mozilla\Firefox\Profiles\a1ytbsnj.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
      :mozilla.117:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\muvmgl9v.Default User\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
      :mozilla.118:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\muvmgl9v.Default User\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
      :mozilla.119:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\muvmgl9v.Default User\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
      :mozilla.49:C:\Documents and Settings\007\Application Data\Mozilla\Firefox\Profiles\a1ytbsnj.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
      :mozilla.50:C:\Documents and Settings\007\Application Data\Mozilla\Firefox\Profiles\a1ytbsnj.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
      :mozilla.52:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\ca6isvu3.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
      :mozilla.77:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\muvmgl9v.Default User\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
      :mozilla.79:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\muvmgl9v.Default User\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
      :mozilla.80:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\ca6isvu3.default\cookies.txt -> TrackingCookie.Linksynergy : Cleaned with backup (quarantined).
      :mozilla.81:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\ca6isvu3.default\cookies.txt -> TrackingCookie.Linksynergy : Cleaned with backup (quarantined).
      :mozilla.15:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\ca6isvu3.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
      :mozilla.16:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\ca6isvu3.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
      :mozilla.53:C:\Documents and Settings\007\Application Data\Mozilla\Firefox\Profiles\a1ytbsnj.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
      :mozilla.54:C:\Documents and Settings\007\Application Data\Mozilla\Firefox\Profiles\a1ytbsnj.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
      :mozilla.55:C:\Documents and Settings\007\Application Data\Mozilla\Firefox\Profiles\a1ytbsnj.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
      :mozilla.28:C:\Documents and Settings\007\Application Data\Mozilla\Firefox\Profiles\a1ytbsnj.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned with backup (quarantined).
      :mozilla.34:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\muvmgl9v.Default User\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
      :mozilla.48:C:\Documents and Settings\007\Application Data\Mozilla\Firefox\Profiles\a1ytbsnj.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
      :mozilla.54:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\ca6isvu3.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
      :mozilla.104:C:\Documents and Settings\007\Application Data\Mozilla\Firefox\Profiles\a1ytbsnj.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
      :mozilla.55:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\ca6isvu3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
      :mozilla.56:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\ca6isvu3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
      :mozilla.57:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\ca6isvu3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
      :mozilla.58:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\ca6isvu3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
      :mozilla.59:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\ca6isvu3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
      :mozilla.64:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\muvmgl9v.Default User\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
      :mozilla.65:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\muvmgl9v.Default User\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
      :mozilla.66:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\muvmgl9v.Default User\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
      :mozilla.67:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\muvmgl9v.Default User\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
      :mozilla.73:C:\Documents and Settings\007\Application Data\Mozilla\Firefox\Profiles\a1ytbsnj.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
      :mozilla.74:C:\Documents and Settings\007\Application Data\Mozilla\Firefox\Profiles\a1ytbsnj.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
      :mozilla.75:C:\Documents and Settings\007\Application Data\Mozilla\Firefox\Profiles\a1ytbsnj.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
      :mozilla.76:C:\Documents and Settings\007\Application Data\Mozilla\Firefox\Profiles\a1ytbsnj.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
      :mozilla.45:C:\Documents and Settings\007\Application Data\Mozilla\Firefox\Profiles\a1ytbsnj.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
      :mozilla.46:C:\Documents and Settings\007\Application Data\Mozilla\Firefox\Profiles\a1ytbsnj.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
      :mozilla.47:C:\Documents and Settings\007\Application Data\Mozilla\Firefox\Profiles\a1ytbsnj.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
      :mozilla.68:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\muvmgl9v.Default User\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
      :mozilla.69:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\muvmgl9v.Default User\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
      :mozilla.70:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\muvmgl9v.Default User\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
      :mozilla.74:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\muvmgl9v.Default User\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
      :mozilla.31:C:\Documents and Settings\007\Application Data\Mozilla\Firefox\Profiles\a1ytbsnj.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
      :mozilla.32:C:\Documents and Settings\007\Application Data\Mozilla\Firefox\Profiles\a1ytbsnj.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
      :mozilla.33:C:\Documents and Settings\007\Application Data\Mozilla\Firefox\Profiles\a1ytbsnj.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
      :mozilla.34:C:\Documents and Settings\007\Application Data\Mozilla\Firefox\Profiles\a1ytbsnj.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
      :mozilla.35:C:\Documents and Settings\007\Application Data\Mozilla\Firefox\Profiles\a1ytbsnj.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
      :mozilla.36:C:\Documents and Settings\007\Application Data\Mozilla\Firefox\Profiles\a1ytbsnj.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
      :mozilla.37:C:\Documents and Settings\007\Application Data\Mozilla\Firefox\Profiles\a1ytbsnj.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
      :mozilla.38:C:\Documents and Settings\007\Application Data\Mozilla\Firefox\Profiles\a1ytbsnj.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
      :mozilla.39:C:\Documents and Settings\007\Application Data\Mozilla\Firefox\Profiles\a1ytbsnj.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
      :mozilla.89:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\muvmgl9v.Default User\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
      :mozilla.90:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\muvmgl9v.Default User\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
      :mozilla.91:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\muvmgl9v.Default User\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
      :mozilla.92:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\muvmgl9v.Default User\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
      :mozilla.93:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\muvmgl9v.Default User\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
      :mozilla.94:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\muvmgl9v.Default User\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
      :mozilla.95:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\muvmgl9v.Default User\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
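As an added example (not part of the thread and not Ewido's own code), here is a small Python triage script for the report format posted above. It separates tracking cookies from real malware, sets aside hits that live only in a System Restore point, and surfaces the entries the scanner reported as "Error during cleaning" (the `[pid]` lines, meaning the DLL was loaded in a running process). The bucket names and the restore-point rule are my own; the sample lines are copied from the report above.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# The three line shapes seen in the posted Ewido report:
#   <path> -> <detection> : <action>                          object on disk
#   [<pid>] <path> -> <detection> : <action>                  object loaded in process <pid>
#   :mozilla.<n>:<cookies.txt path> -> <detection> : <action> cookie record n in a Firefox cookie jar
HIT_RE = re.compile(
    r"^\s*(?:\[(?P<pid>\d+)\]\s+)?"
    r"(?::mozilla\.(?P<cookie>\d+):)?"
    r"(?P<path>.+?)\s+->\s+(?P<name>\S+)\s+:\s+(?P<action>.+?)\.?\s*$"
)

# Files under a System Restore point are dormant copies, not running code (assumption of this triage).
RESTORE_PREFIX = r"c:\system volume information\_restore"


@dataclass
class Hit:
    path: str
    name: str                  # detection name, e.g. Trojan.Sinowal.aa
    action: str                # e.g. "Cleaned with backup (quarantined)"
    pid: Optional[int] = None  # set when the object was found loaded in a process
    is_cookie: bool = False


def parse_report(text: str) -> List[Hit]:
    hits = []
    for line in text.splitlines():
        m = HIT_RE.match(line)
        if not m:  # headers, blank lines, "::Report end"
            continue
        hits.append(Hit(
            path=m["path"],
            name=m["name"],
            action=m["action"],
            pid=int(m["pid"]) if m["pid"] else None,
            is_cookie=m["cookie"] is not None,
        ))
    return hits


def bucket(hit: Hit) -> str:
    """Rank a hit by how much it still matters after the scan (bucket names are constructed)."""
    if "error" in hit.action.lower():
        return "cleanup_failed"   # still on the box; the [pid] form shows it was loaded
    if hit.pid is not None:
        return "in_process"
    if hit.is_cookie:
        return "tracking_cookie"
    if hit.path.lower().startswith(RESTORE_PREFIX):
        return "restore_point"
    return "live_file"


def triage(text: str) -> Dict:
    hits = parse_report(text)
    buckets = Counter(bucket(h) for h in hits)
    failed = sorted({h.path for h in hits if bucket(h) == "cleanup_failed"})
    # Malware families that were found outside restore points (cookies excluded).
    live = sorted({h.name for h in hits if not h.is_cookie and bucket(h) != "restore_point"})
    return {"total": len(hits), "buckets": dict(buckets),
            "cleanup_failed": failed, "live_families": live}


def needs_followup(summary: Dict) -> bool:
    """True when something the scanner could not remove is still present."""
    return bool(summary["cleanup_failed"])


# Sample input: a handful of lines copied from the report above, plus its trailer.
SAMPLE_REPORT = r"""
:mozilla.47:C:\Documents and Settings\krishanarjun\Application Data\Mozilla\Firefox\Profiles\ca6isvu3.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\tsvaisye.aoi -> Trojan.Agent.qe : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll -> Trojan.Sinowal.aa : Cleaned with backup (quarantined).
[796] C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll -> Trojan.Sinowal.aa : Error during cleaning.
[808] C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll -> Trojan.Sinowal.aa : Error during cleaning.
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1017\A0192484.dll -> Trojan.Sinowal.m : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\ilsnirsr.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\Program Files\winupdates\a.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).

::Report end
"""

if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print(result)
    print("follow-up needed:", needs_followup(result))
```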

      4 Apprentice
      20.5K Posts

      July 3rd, 2006 23:00

      They are Trojans, and you still have some infection in there. It would be good if you stay off the internet with that machine until I can get the rest of your fix posted. I wouldn't want anything else to climb aboard until we can get things cleaner for you. I should have something posted within an hour.

      4 Apprentice
      20.5K Posts

      July 4th, 2006 00:00

      BEFORE BEGINNING, Please read completely through the instructions below and download the files from the links provided. You may want to save or print out these instructions for easier reference.

      Download and run CWShredder 2.19 from http://www.trendmicro.com/cwshredder/

      Launch the executable for CWShredder and then click "Check for Update"
      Download and install any updates.
      Now, close any open windows except for CWShredder and then click "Fix ->"
It should take about a minute to run, then click "Next ->". You'll see three lines starting with "Restoring" to let you know the scan is finished.

      Next, download Lavasoft's Ad-Aware and the VX2 Cleaner Plug-in.
      Install Ad-Aware using the default options, then install vx2cleaner_inst.exe, taking all the defaults there as well.

Run Ad-Aware, update to the latest definitions, then click on Add-ons in the left-hand column.
      Select VX2 Cleaner V2.0 and click Run Tool.
      Click "OK", then, if something is found, click "Clean" as in the directions given.
      Click "Close", and exit Ad-Aware.

      Reboot your PC and run Ad-Aware again.
      This time, click on the Start button in Ad-Aware, select "Perform smart system scan" and click Next.
      Once the scan finishes, click "Next" again.
      Select the objects you want to add to the ignore list in the Scan Summary, Critical Objects, or Negligible Objects lists on the Scanning Results screen.
      If you are running McAfee, any McAfee entries listed need to be added to the ignore list!
      Right click and select "Add selected to ignore list"
      A pop-up window showing the number of objects that will be added to the ignore list opens. Click "OK" to continue.

      The object is now added to the Ignore List. Run a new scan to select the remaining objects to be quarantined.

      * Click Next to remove the objects selected, and click OK at the prompt.

Reboot into Safe Mode:
      Turn on the computer.
      Immediately begin tapping the F8 key
      Use the arrow keys to highlight Safe Mode and press the Enter key.

      Configure to show all files/folders:
      Go to Start>Search and at the top select Tools>Folder Options
      Select the View tab
      Display the contents of system folders
      Show hidden files and folders
      Uncheck: Hide protected operating system files
      Click on Apply.
      Next go to the side of the Search box and select All files and folders. Go down to More advanced options.
      Be sure the first three boxes are selected:
      Search System folders
      Search Hidden Files and folders
      Search SubFolders

**Right-click on an empty space on your desktop and choose New > Folder
Name it HijackThis (HJT, or whatever)
Right-click HijackThis.exe, choose Cut.
Double-click (to open) the folder you created.
Right-click inside and choose Paste.

      Please launch HijackThis and place a checkmark next to these items if they still exist:

      R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchv.com/search.html
      R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://findloss.com/srchasst.html
      F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
      O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
      O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
      O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)
      O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll (file missing)
      O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
      O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
      O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)
      O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
      O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (no file)
      O2 - BHO: adobepnl.ADOBE_PANEL - {A40D9D65-5C09-421A-AFF8-2160D7ABD4E7} - C:\WINDOWS\system32\adobepnl.dll (file missing)
      O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file)
      O3 - Toolbar: Windows Search Bar - {A1DD937D-71E1-4BB5-BD5D-1B01B9CB1C2F} - C:\PROGRA~1\WIACA5~1\WinSB.dll (file missing)
      O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
      O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe
      O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\system32\taskdir.exe
      O4 - HKCU\..\Run: [DeInst.exe] C:\Documents and Settings\krishanarjun\My Documents\deinst.exe
      O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -

If you are not using a proxy, check this one:
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

      Close all windows except HijackThis and click "Fix Checked".

      Please delete the specified files if they still exist:
      C:\WINDOWS\system32\ runsrv32.exe --file
      C:\WINDOWS\system32\ susp.exe --file
      C:\WINDOWS\system32\ taskdir.exe --file
      C:\Documents and Settings\krishanarjun\My Documents\ deinst.exe --file
      C:\Program Files\Common Files\Microsoft Shared\Web Folders\ ibm00001.exe --file
      \WINNT\%username%\Application Data\winshow\ winshow.dll --file
      \WINNT\%username%\Application Data\winshow\ winlink.dll --file
      C:\Program Files\Common Files\Microsoft Shared\Web Folders\ ibm00002.dll --file

      Reboot normally.

      Go back and rehide files:
      Configure to show all files/folders:
      Go to Start>Search and at the top select Tools>Folder Options
      Select the View tab
      Display the contents of system folders
      Check: Hide protected operating system files
      Click on Apply.

      Download and scan each user profile with CCleaner:
      http://www.ccleaner.com/downloadbuilds.asp
      ** Select to download the BASIC version.
      1. Before first use, select Options > Advanced and UNCHECK
"Only delete files in Windows Temp folder older than 48 hours"
      2. Then select the items you wish to clean up.
      In the Windows Tab:
      • Clean all entries in the "Internet Explorer" section except Cookies (if you want to keep those).
      • Clean all the entries in the "Windows Explorer" section.
      • Clean all entries in the "System" section.
      • Clean all entries in the "Advanced" section.
      • Clean any others that you choose.
      In the Applications Tab:
      • Clean all except cookies (if you want to keep those) in the Firefox/Mozilla section if you use it.
      • Clean all in the Opera section if you use it.
      • Clean Sun Java in the Internet Section.
      • Clean any others that you choose.
3. Click the "Run Cleaner" button.
4. A pop-up box will appear advising that this process will permanently delete files from your system.
5. Click "OK" and it will scan and clean your system.
6. Click "Exit" when done.
      REBOOT.

      Please post a fresh HijackThis log. Thanks! :)

      18 Posts

      July 4th, 2006 02:00

      Logfile of HijackThis v1.99.1
      Scan saved at 11:47:24 PM, on 7/3/2006
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\System32\drivers\CDAC11BA.EXE
      C:\WINDOWS\System32\CTsvcCDA.EXE
      c:\program files\mcafee.com\agent\mcdetect.exe
      c:\PROGRA~1\mcafee.com\vso\mcshield.exe
      c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
      C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
      C:\WINDOWS\System32\nvsvc32.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\MsPMSPSv.exe
      C:\WINDOWS\system32\devldr32.exe
      C:\WINDOWS\Explorer.EXE
      C:\PROGRA~1\mcafee.com\agent\McAgent.exe
      C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
      C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
      C:\Documents and Settings\krishanarjun\Desktop\HJT\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://search.microsoft.com/
      R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://search.microsoft.com/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
      O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
      O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
      O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
      O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
      O4 - HKLM\..\Run: [MPFEXE] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
      O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
      O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
      O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
      O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
      O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
      O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
      O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125628149203
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125628106109
      O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
      O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
      O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
      O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
      O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
      O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
      O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
      O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
      O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

      Is my machine still at risk??

Thanks for the help.
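An added example, not from the thread and not part of HijackThis itself: the kinds of entries the helper singled out in the fix list earlier (search-page hijacks, the system.ini Shell= override, orphaned BHO/toolbar registrations, Run entries outside Program Files, an O16 control with no download URL, the ProxyOverride line) written as review rules, run over a sample of those flagged lines and over a sample of the fresh log above. The host allowlist and the "autoruns belong under Program Files" heuristic are my own assumptions, so the output is a list of items to review, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple
from urllib.parse import urlparse

# Constructed allowlist: hosts a search/start-page entry may point at without review.
DEFAULT_ALLOW_HOSTS = ("microsoft.com", "msn.com", "yahoo.com", "google.com")

# Heuristic (assumption): O4 autorun targets are expected under one of these roots;
# anything else (system32 with an unfamiliar name, My Documents, Temp) is put up for review.
PROGRAM_ROOTS = (r"c:\program files", r"c:\progra~1")

# Every HijackThis entry starts with its type code (R0, R1, F2, O2, O4, ...) and " - ".
ENTRY_RE = re.compile(r"^\s*(?P<kind>[RFO]\d+) - (?P<body>.*?)\s*$")


@dataclass
class Finding:
    rule: str   # constructed rule id
    line: str   # the log line that triggered it


def _host_allowed(url: str, allow: Tuple[str, ...]) -> bool:
    host = (urlparse(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in allow)


def _check(kind: str, body: str, allow: Tuple[str, ...]) -> str:
    """Return a rule id when the entry deserves review, else an empty string."""
    low = body.lower()
    if kind in ("R0", "R1"):
        key, _, value = body.partition("=")
        key, value = key.strip(), value.strip()
        if key.endswith("ProxyOverride"):
            return "proxy_override"                 # fine only if a proxy is really in use
        if value.startswith("http") and not _host_allowed(value, allow):
            return "search_hijack"
    elif kind == "F2" and "shell=" in low:
        shell = low.split("shell=", 1)[1].strip()
        if shell != "explorer.exe":
            return "shell_override"                 # extra program launched with the shell
    elif kind in ("O2", "O3"):
        if low.endswith("(no file)") or "(file missing)" in low:
            return "orphan_extension"               # registration whose DLL is gone
    elif kind == "O4":
        target = body.split("] ", 1)[1] if "] " in body else body.partition("=")[2]
        if not target.strip().lower().startswith(PROGRAM_ROOTS):
            return "autorun_outside_program_files"
    elif kind == "O16" and not re.search(r"https?://", body):
        return "dpf_no_url"                         # downloaded control with no source URL
    return ""


def review_log(text: str, allow: Tuple[str, ...] = DEFAULT_ALLOW_HOSTS) -> List[Finding]:
    findings = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:  # "Running processes:" block, headers, blank lines
            continue
        rule = _check(m["kind"], m["body"], allow)
        if rule:
            findings.append(Finding(rule, line.strip()))
    return findings


# Sample input 1: entries copied from the helper's "place a checkmark" list above.
SUSPECT_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchv.com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://findloss.com/srchasst.html
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
O3 - Toolbar: Windows Search Bar - {A1DD937D-71E1-4BB5-BD5D-1B01B9CB1C2F} - C:\PROGRA~1\WIACA5~1\WinSB.dll (file missing)
O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
O4 - HKCU\..\Run: [DeInst.exe] C:\Documents and Settings\krishanarjun\My Documents\deinst.exe
O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
"""

# Sample input 2: entries copied from the fresh log posted above.
CLEAN_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Documents and Settings\krishanarjun\Desktop\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://search.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

if __name__ == "__main__":
    for f in review_log(SUSPECT_LOG):
        print(f"{f.rule:32} {f.line}")
    print("fresh log findings:", len(review_log(CLEAN_LOG)))
```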
