Help!

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Post by 1oo4 » July 17th, 2006, 8:05 pm

Hi, I'm having problems because of syssecuritesite, so here's my hijackthis log. Thanks for your help in advance :)


Logfile of HijackThis v1.99.1
Scan saved at 8:01:35 PM, on 17/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
C:\Program Files\VeriSign\NAVI\naviagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\VeriSign\NAVI\NAVICL~1.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\atmclk.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tuyen Pham\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O1 - Hosts: 216.193.207.187 momusu.lunarpages.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O2 - BHO: (no name) - {f7d40011-29bb-43eb-9c97-875ce89e9e36} - C:\WINDOWS\system32\hp102.tmp
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Assistant Internet.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: i-Nav Help - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra 'Tools' menuitem: i-Nav Help - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra 'Tools' menuitem: i-Nav Options - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} - http://www.clubbox.co.kr/neo.fld/NowStarter.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photolab.ca/fr/Photo/ImageUploader3.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Program Files\VeriSign\NAVI\naviagent.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
1oo4
Active Member
 
Posts: 9
Joined: July 17th, 2006, 7:53 pm

Post by 'KotaGuy » July 17th, 2006, 8:16 pm

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

smitfraud log

Post by 1oo4 » July 17th, 2006, 8:41 pm

ok here you go :D

SmitFraudFix v2.73

Scan done at 20:39:56.32, 17/07/2006
Run from C:\Documents and Settings\Tuyen Pham\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\atmclk.exe FOUND !
C:\WINDOWS\system32\dcomcfg.exe FOUND !
C:\WINDOWS\system32\hp???.tmp FOUND !
C:\WINDOWS\system32\hp????.tmp FOUND !
C:\WINDOWS\system32\ld???.tmp FOUND !
C:\WINDOWS\system32\ld????.tmp FOUND !
C:\WINDOWS\system32\mzoeut.dll FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\regperf.exe FOUND !
C:\WINDOWS\system32\simpole.tlb FOUND !
C:\WINDOWS\system32\stdole3.tlb FOUND !
C:\WINDOWS\system32\ts.ico FOUND !
C:\WINDOWS\system32\1024\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Tuyen Pham\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\TUYENP~1\FAVORI~1

C:\DOCUME~1\TUYENP~1\FAVORI~1\Antivirus Test Online.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\SpyHeal\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"cholecyst"="{ee2975b6-e8d5-405e-8448-8fe9590f6cfb}"


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
1oo4
Active Member
 
Posts: 9
Joined: July 17th, 2006, 7:53 pm

Post by 'KotaGuy » July 17th, 2006, 8:45 pm

Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

Please download Ewido to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
  • Install Ewido by double clicking the installer.
  • Follow the prompts. Make sure that Launch Ewido is checked.
  • On the main screen under Your Computer's security.
  • Click on Change state next to Resident shield. It should now change to inactive.
  • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
  • Wait until you see the Update successful message.
  • Right-click the Ewido Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
Ewido manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that Ewido is closed before installing the update.
______________________________

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
______________________________

Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process; if your computer does not restart automatically, please do it yourself manually. Reboot in Safe Mode.

The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
______________________________

Navigate to C:\Windows\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

Navigate to C:\Documents and Settings\(EVERY LISTED USER)\Local Settings\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

Clean out your Temporary Internet files. Proceed like this:
  • Quit Internet Explorer and quit any instances of Windows Explorer.
  • Click Start, click Control Panel, and then double-click Internet Options.
  • On the General tab, click Delete Files under Temporary Internet Files.
  • In the Delete Files dialog box, tick the Delete all offline content check box, and then click OK.
  • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
  • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
  • Click OK.
Next, click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.
______________________________

Close ALL open Windows / Programs / Folders. Please start Ewido and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
  • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
  • Under How to scan?
      • All checkboxes should be ticked.
  • Under Possibly unwanted software:
      • All checkboxes should be ticked.
  • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
  • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
  • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
  • At the bottom of the window click on the Apply all Actions button. (3)
  • When done, click the Save Scan Report button.
      • Click the Save Report as button.
      • Save the report to your Desktop.
  • Right-click the Ewido Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.
______________________________

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #3 - Delete Trusted zone by typing 3 and press Enter.
Answer Yes to the question "Restore Trusted Zone ?" by typing Y and hit Enter.

Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.
______________________________

Please post:
  1. c:\rapport.txt
  2. Ewido log
  3. A new HijackThis log
You may need several replies to post the requested logs, otherwise they might get cut off.
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Post by 1oo4 » July 17th, 2006, 11:19 pm

Logfile of HijackThis v1.99.1
Scan saved at 11:19:49 PM, on 17/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\Program Files\VeriSign\NAVI\naviagent.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tuyen Pham\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O1 - Hosts: 216.193.207.187 momusu.lunarpages.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O2 - BHO: (no name) - {f7d40011-29bb-43eb-9c97-875ce89e9e36} - C:\WINDOWS\system32\hp102.tmp (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Assistant Internet.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: i-Nav Help - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra 'Tools' menuitem: i-Nav Help - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra 'Tools' menuitem: i-Nav Options - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} - http://www.clubbox.co.kr/neo.fld/NowStarter.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photolab.ca/fr/Photo/ImageUploader3.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Program Files\VeriSign\NAVI\naviagent.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
1oo4
Active Member
 
Posts: 9
Joined: July 17th, 2006, 7:53 pm

Post by 1oo4 » July 17th, 2006, 11:20 pm

SmitFraudFix v2.73

Scan done at 21:01:20.73, 17/07/2006
Run from C:\Documents and Settings\Tuyen Pham\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"cholecyst"="{ee2975b6-e8d5-405e-8448-8fe9590f6cfb}"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\atmclk.exe Deleted
C:\WINDOWS\system32\dcomcfg.exe Deleted
C:\WINDOWS\system32\hp???.tmp Deleted
C:\WINDOWS\system32\ld???.tmp Deleted
C:\WINDOWS\system32\mzoeut.dll Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\regperf.exe Deleted
C:\WINDOWS\system32\simpole.tlb Deleted
C:\WINDOWS\system32\stdole3.tlb Deleted
C:\WINDOWS\system32\ts.ico Deleted
C:\WINDOWS\system32\1024\ Deleted
C:\DOCUME~1\TUYENP~1\FAVORI~1\Antivirus Test Online.url Deleted
C:\Program Files\SpyHeal\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End
1oo4
Active Member
 
Posts: 9
Joined: July 17th, 2006, 7:53 pm
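
Added example, not part of the thread and not code from SmitfraudFix or HijackThis: a Python cross-check that takes the paths a SmitfraudFix report flags (including its ? wildcards and trailing-backslash folders) and finds the HijackThis lines that reference them, before and after the clean. The sample lines are excerpts of the logs posted above; the function names are hypothetical.

```python
import re

# Excerpts copied from the logs posted in this thread (not the full logs).
SMITFRAUD_SEARCH = r"""
C:\WINDOWS\system32\atmclk.exe FOUND !
C:\WINDOWS\system32\dcomcfg.exe FOUND !
C:\WINDOWS\system32\hp???.tmp FOUND !
C:\WINDOWS\system32\mzoeut.dll FOUND !
C:\WINDOWS\system32\1024\ FOUND !
C:\Program Files\SpyHeal\ FOUND !
"""

HJT_BEFORE = r"""
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\atmclk.exe
C:\WINDOWS\system32\dcomcfg.exe
O2 - BHO: (no name) - {f7d40011-29bb-43eb-9c97-875ce89e9e36} - C:\WINDOWS\system32\hp102.tmp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

HJT_AFTER = r"""
C:\WINDOWS\system32\ctfmon.exe
O2 - BHO: (no name) - {f7d40011-29bb-43eb-9c97-875ce89e9e36} - C:\WINDOWS\system32\hp102.tmp (file missing)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# A report line is "<path or pattern> FOUND !" (search) or "<path> Deleted" (clean).
REPORT_LINE = re.compile(r"^\s*([A-Za-z]:\\.*?)\s+(?:FOUND !|Deleted)\s*$")


def flagged_patterns(report):
    """Return the paths/patterns a SmitfraudFix report marks FOUND or Deleted."""
    patterns = []
    for line in report.splitlines():
        match = REPORT_LINE.match(line)
        if match:
            patterns.append(match.group(1))
    return patterns


def to_regex(pattern):
    """Turn one flagged path into a case-insensitive regex.

    '?' matches exactly one character that is not a backslash.
    A trailing backslash marks a folder: anything below it matches.
    A file path must end at whitespace, a quote, or end of line.
    Limitation: 8.3 short names (PROGRA~1) are not expanded to long names.
    """
    body = "".join(r"[^\\]" if ch == "?" else re.escape(ch) for ch in pattern)
    tail = "" if pattern.endswith("\\") else r'(?![^\s"])'
    return re.compile(body + tail, re.IGNORECASE)


def cross_reference(report, hijackthis_log):
    """Return (pattern, hijackthis_line) pairs where a flagged path is referenced."""
    hits = []
    for pattern in flagged_patterns(report):
        rx = to_regex(pattern)
        for line in hijackthis_log.splitlines():
            if rx.search(line):
                hits.append((pattern, line.strip()))
    return hits


if __name__ == "__main__":
    print("Flagged paths referenced before the clean:")
    for pattern, line in cross_reference(SMITFRAUD_SEARCH, HJT_BEFORE):
        print(f"  {pattern}\n      -> {line}")
    print("Flagged paths still referenced after the clean:")
    for pattern, line in cross_reference(SMITFRAUD_SEARCH, HJT_AFTER):
        print(f"  {pattern}\n      -> {line}")
```

On these excerpts the two flagged executables show up as running processes before the clean, and the hp???.tmp pattern ties to the O2 BHO line, which is the only reference left afterwards, now marked (file missing).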

Post by 1oo4 » July 17th, 2006, 11:22 pm

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:12:14 PM 17/07/2006

+ Scan result:



C:\Program Files\filesubmit\dominicanescape.exe\NNEZTA388.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\filesubmit\dominicanescape.exe\TBEZA127Q.exe -> Adware.Quick : Cleaned with backup (quarantined).
HKLM\SOFTWARE\SearchRelevancy -> Adware.SearchRelevancy : Cleaned with backup (quarantined).
HKLM\SOFTWARE\SearchRelevancy\Update -> Adware.SearchRelevancy : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup (quarantined).
C:\Program Files\se -> Adware.WindowEnhancer : Cleaned with backup (quarantined).
C:\Program Files\se\Data -> Adware.WindowEnhancer : Cleaned with backup (quarantined).
C:\Program Files\se\Data\app.dat -> Adware.WindowEnhancer : Cleaned with backup (quarantined).
:mozilla.110:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
:mozilla.189:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.190:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.191:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.192:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.193:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.194:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.195:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.196:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.197:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.198:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.199:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.200:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.201:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.202:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.203:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.204:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.205:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.206:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.207:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.208:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.209:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.210:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.211:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.212:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.213:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.214:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.215:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.216:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.217:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.290:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.784:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Phamily\Cookies\phamily@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Phamily\Cookies\phamily@adbrite.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Phamily\Cookies\phamily@bellglobemediapublishing.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Phamily\Cookies\phamily@cnetasiapacific.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Phamily\Cookies\phamily@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Phamily\Cookies\phamily@marthastewart.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Phamily\Cookies\phamily@maxim.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Phamily\Cookies\phamily@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Phamily\Cookies\phamily@nbcuniversal.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Phamily\Cookies\phamily@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Phamily\Cookies\phamily@torstardigital.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Phamily\Cookies\phamily@viator.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01899561.TXT -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01899638.TXT -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01899700.TXT -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01899918.TXT -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01899968.TXT -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01900046.TXT -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01900076.TXT -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01900166.TXT -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01900172.TXT -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01900216.TXT -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01900227.TXT -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01900230.TXT -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01900278.TXT -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01900444.TXT -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01900498.TXT -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Phamily\Cookies\phamily@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
C:\Documents and Settings\Phamily\Cookies\phamily@www.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01899437.TXT -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.625:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.626:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.627:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.628:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.629:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.630:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01899425.TXT -> TrackingCookie.Belstat : Cleaned with backup (quarantined).
:mozilla.141:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Casinotropez : Cleaned with backup (quarantined).
:mozilla.142:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Casinotropez : Cleaned with backup (quarantined).
:mozilla.143:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Casinotropez : Cleaned with backup (quarantined).
:mozilla.144:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Casinotropez : Cleaned with backup (quarantined).
:mozilla.145:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Casinotropez : Cleaned with backup (quarantined).
:mozilla.146:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Casinotropez : Cleaned with backup (quarantined).
:mozilla.147:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Casinotropez : Cleaned with backup (quarantined).
:mozilla.148:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Casinotropez : Cleaned with backup (quarantined).
C:\Documents and Settings\Phamily\Cookies\phamily@ad1.clickhype[2].txt -> TrackingCookie.Clickhype : Cleaned with backup (quarantined).
:mozilla.427:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.428:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
C:\Documents and Settings\Phamily\Cookies\phamily@com[1].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.96:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01900425.TXT -> TrackingCookie.Enhance : Cleaned with backup (quarantined).
:mozilla.495:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.496:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.497:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.498:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.499:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.500:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.501:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.502:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.503:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.504:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.505:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.506:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.507:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.508:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.509:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.510:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.521:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.522:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.559:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.571:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.572:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.573:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.574:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.576:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.580:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.582:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.587:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.588:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.594:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.595:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.596:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.597:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.598:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.599:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.600:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.695:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.696:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.697:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.758:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.764:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.774:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.775:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.785:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.786:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.790:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.791:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.792:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.793:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.794:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.795:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.796:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.797:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.798:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.812:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.834:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Phamily\Cookies\phamily@e-2dj6wgmiejdzefp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Phamily\Cookies\phamily@e-2dj6wjliajdpkbp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01899408.TXT -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01899415.TXT -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01899433.TXT -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01899461.TXT -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01899489.TXT -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01899495.TXT -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01899524.TXT -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01899531.TXT -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01899541.TXT -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01899575.TXT -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01899583.TXT -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01899588.TXT -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01899591.TXT -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01899627.TXT -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01899630.TXT -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01899632.TXT -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01899671.TXT -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01899701.TXT -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01899702.TXT -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01899703.TXT -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01899711.TXT -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01899714.TXT -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01899733.TXT -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01899768.TXT -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01899771.TXT -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01899784.TXT -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01899792.TXT -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01899805.TXT -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01899810.TXT -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01899821.TXT -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01899827.TXT -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01899837.TXT -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01899841.TXT -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01899845.TXT -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01899852.TXT -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01899853.TXT -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01899858.TXT -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01899864.TXT -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01899865.TXT -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01899868.TXT -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01899869.TXT -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01899872.TXT -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01899895.TXT -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01899914.TXT -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01899930.TXT -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01899939.TXT -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01899941.TXT -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01899954.TXT -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01899965.TXT -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01899989.TXT -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01899995.TXT -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01900011.TXT -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01900141.TXT -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01900187.TXT -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01900197.TXT -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01900220.TXT -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01900228.TXT -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01900231.TXT -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01900236.TXT -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01900273.TXT -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01900301.TXT -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01900401.TXT -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01900405.TXT -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01900432.TXT -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Phamily\Cookies\phamily@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01900244.TXT -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01900180.TXT -> TrackingCookie.Gamingpromo : Cleaned with backup (quarantined).
C:\Documents and Settings\Phamily\Cookies\phamily@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned with backup (quarantined).
:mozilla.251:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.252:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.253:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.254:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.255:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.265:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.422:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.423:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.473:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.619:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.655:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.656:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.658:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.747:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Phamily\Cookies\phamily@ehg-warnerbrothers.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01899726.TXT -> TrackingCookie.Kmpads : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01900103.TXT -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01900422.TXT -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.218:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.219:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\Phamily\Cookies\phamily@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01900082.TXT -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.607:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned with backup (quarantined).
C:\Documents and Settings\Phamily\Cookies\phamily@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01899780.TXT -> TrackingCookie.Realcastmedia : Cleaned with backup (quarantined).
:mozilla.172:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.174:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.175:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.176:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.177:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
C:\Documents and Settings\Phamily\Cookies\phamily@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.335:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
:mozilla.266:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.267:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.268:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.269:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.270:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.645:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined).
:mozilla.646:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined).
:mozilla.647:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined).
:mozilla.648:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined).
C:\Documents and Settings\Phamily\Cookies\phamily@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01899866.TXT -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
:mozilla.754:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Spylog : Cleaned with backup (quarantined).
C:\Documents and Settings\Phamily\Cookies\phamily@starware[2].txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
:mozilla.564:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.565:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\Phamily\Cookies\phamily@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01900202.TXT -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01900305.TXT -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.301:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.302:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.43:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Trafic : Cleaned with backup (quarantined).
:mozilla.44:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.45:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.46:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.53:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Phamily\Cookies\phamily@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01899532.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01900875.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01900877.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01900878.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01900879.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01900885.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01900886.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\01900887.TXT -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.156:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.157:C:\Documents and Settings\Phamily\Application Data\Mozilla\Firefox\Profiles\bivliypq.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).


::Report end
1oo4
Active Member
 
Posts: 9
Joined: July 17th, 2006, 7:53 pm

Post by 'KotaGuy » July 17th, 2006, 11:56 pm

Run and scan with HijackThis. Place a check beside the following:

O2 - BHO: (no name) - {f7d40011-29bb-43eb-9c97-875ce89e9e36} - C:\WINDOWS\system32\hp102.tmp (file missing)

Close all open browsers/windows and click the Fix button.

Reboot and post a new HijackThis log please.

How is your PC behaving now?
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada
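
One way to triage the kind of entry flagged in the post above, as an added example (not HijackThis's own logic and not code from this thread). The sample log is constructed from lines in this thread, and the rule of requiring two or more indicators is an assumption: "(file missing)" on its own also appears on O9 and O23 entries in the log the helper later calls clean, so it counts as only one indicator.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: the first O2 line is the entry quoted in the post above;
# the remaining lines are copied from the follow-up log in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {f7d40011-29bb-43eb-9c97-875ce89e9e36} - C:\WINDOWS\system32\hp102.tmp (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: i-Nav Help - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
"""

# A log entry starts with a section code such as R1, O2 or O23, then " - ".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING = "(file missing)"


@dataclass
class Entry:
    code: str                 # section code, e.g. "O2"
    body: str                 # entry text without the "(file missing)" suffix
    clsid: Optional[str]      # COM class id, when the entry carries one
    target: str               # last " - " separated field (file path or URL)
    file_missing: bool
    reasons: List[str] = field(default_factory=list)


def parse_log(text: str) -> List[Entry]:
    """Return the registry/startup entries, skipping header and process lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        body = m.group("body")
        missing = body.endswith(MISSING)
        if missing:
            body = body[: -len(MISSING)].rstrip()
        clsid = CLSID_RE.search(body)
        entries.append(Entry(
            code=m.group("code"),
            body=body,
            clsid=clsid.group(0) if clsid else None,
            target=body.rsplit(" - ", 1)[-1],
            file_missing=missing,
        ))
    return entries


def triage(entry: Entry) -> List[str]:
    """Attach the indicators that apply (illustrative heuristics, an assumption)."""
    reasons = []
    if "(no name)" in entry.body:
        reasons.append("no display name")
    if entry.file_missing:
        reasons.append("target file missing")
    if entry.target.lower().endswith(".tmp"):
        reasons.append("module path ends in .tmp")
    entry.reasons = reasons
    return reasons


def review_candidates(text: str, min_reasons: int = 2) -> List[Entry]:
    """Entries with several indicators at once; one indicator alone is not enough."""
    return [e for e in parse_log(text) if len(triage(e)) >= min_reasons]


if __name__ == "__main__":
    for e in review_candidates(SAMPLE_LOG):
        print(e.code, e.clsid, e.target, "; ".join(e.reasons))
```
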

Post by 1oo4 » July 18th, 2006, 9:17 am

When I reboot the computer, it takes more time than usual to load. Is it normal?


Logfile of HijackThis v1.99.1
Scan saved at 9:15:38 AM, on 18/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\Program Files\VeriSign\NAVI\naviagent.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tuyen Pham\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O1 - Hosts: 216.193.207.187 momusu.lunarpages.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Assistant Internet.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: i-Nav Help - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra 'Tools' menuitem: i-Nav Help - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra 'Tools' menuitem: i-Nav Options - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} - http://www.clubbox.co.kr/neo.fld/NowStarter.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photolab.ca/fr/Photo/ImageUploader3.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Program Files\VeriSign\NAVI\naviagent.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
1oo4
Active Member
 
Posts: 9
Joined: July 17th, 2006, 7:53 pm

Post by 'KotaGuy » July 18th, 2006, 11:55 am

"When I reboot the computer, it takes more time than usual to load. Is it normal?"


That may be caused by the Ewido Real Time Protection starting when you boot Windows. We can change that and see if it helps. Right click on the Ewido icon in your System Tray and uncheck Resident Shield.

Your HijackThis log is clean now :)

Just a couple things left to do.

Run HijackThis. Click the Misc Tools button. Then the Uninstall Manager button. Then the Save List button. Save the list to your Desktop. Post that list in your next reply please.
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Post by 1oo4 » July 18th, 2006, 12:52 pm

AC3Filter (remove only)
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Reader 7.0.7
Ahead Nero Burning ROM
ArcSoft Camera Suite 1.3
Assistant Internet
AVG Free Edition
BitLord 1.1
BSPlayer
Canon Camera Support Core Library
Canon Camera Window DS for ZoomBrowser EX
Canon Camera Window DVC for ZoomBrowser EX
Canon Camera Window for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon MP Drivers
Canon MP Toolbox 4.1
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon ZoomBrowser EX
ewido anti-spyware 4.0
File Transfer Plus 1.1 RELEASE
Google Toolbar for Internet Explorer
GSpot Codec Information Appliance
Hijackthis 1.99.1
HijackThis 1.99.1
IHMC CmapTools v4.02
iRiver Manager
iRiver Updater
iTunes
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
LimeWire 4.9.29
LiveReg (Symantec Corporation)
Macromedia Flash Player 8
Messenger Plus! 3
Microsoft Office XP Professional with FrontPage
Nero Media Player
QuickTime
Real Alternative 1.48
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio
Samsung PC Studio 3 USB Driver Installer
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
VeriSign i-Nav and Components
VobSub v2.23 (Remove Only)
Vodafone 804SS USB driver Software
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
1oo4
Active Member
 
Posts: 9
Joined: July 17th, 2006, 7:53 pm

Post by 'KotaGuy » July 18th, 2006, 3:06 pm

Click Start > Run, type in appwiz.cpl and hit Enter. Uninstall the following:

J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4


Then download and install the new version of Java.

Reboot and post a new HijackThis log please.
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Post by 1oo4 » July 19th, 2006, 7:55 am

Logfile of HijackThis v1.99.1
Scan saved at 7:55:00 AM, on 19/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\NetAssistant\bin\mpbtn.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\Program Files\VeriSign\NAVI\naviagent.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Tuyen Pham\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O1 - Hosts: 216.193.207.187 momusu.lunarpages.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Assistant Internet.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: i-Nav Help - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra 'Tools' menuitem: i-Nav Help - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra 'Tools' menuitem: i-Nav Options - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} - http://www.clubbox.co.kr/neo.fld/NowStarter.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photolab.ca/fr/Photo/ImageUploader3.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Program Files\VeriSign\NAVI\naviagent.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
1oo4
Active Member
 
Posts: 9
Joined: July 17th, 2006, 7:53 pm

Post by 'KotaGuy » July 19th, 2006, 12:59 pm

:thumbup:

Looks good!

How is your PC behaving?
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Post by 1oo4 » July 20th, 2006, 7:20 am

VERY GOOD! THANKS A LOT!!! :D
1oo4
Active Member
 
Posts: 9
Joined: July 17th, 2006, 7:53 pm