Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

vanjulio hijack log

Post by vanjulio » March 5th, 2006, 4:09 pm

Logfile of HijackThis v1.99.1
Scan saved at 3:13:06 PM, on 3/5/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\DRIVERS\dcfssvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\Program Files\Linksys Wireless-G PCI Adapter\WLService.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Adapter\WMP54Gv4.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\WINNT\AGRSMMSG.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\VirtuaWin\VirtuaWin.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Creative\ShareDLL\MEDIADET.EXE
C:\Program Files\VirtuaWin\modules\WinList.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINNT\system32\mshta.exe
C:\Program Files\a-squared\a2guard.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cox.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
O2 - BHO: Band Class - {0007522A-2297-43C1-8EB1-C90B0FF20DA5} - C:\WINNT\enhtb.dll (file missing)
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINNT\dsr.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\acrobat\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\winnt\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: BestOffers Shopping BHO - {F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} - C:\Program Files\TBONAS\TBONlchr.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\winnt\googletoolbar1.dll
O3 - Toolbar: BestOffers Shopping v1.20 - {7FD44536-9DF0-4034-939F-5BD4D98E3187} - C:\Program Files\TBONAS\TBONlchr.dll (file missing)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.1_03\bin\jusched.exe
O4 - HKLM\..\Run: [Dinst] C:\WINNT\dinst.exe
O4 - HKLM\..\Run: [emrmhs] C:\WINNT\system32\qscegsu.exe r
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a-squared\a2guard.exe"
O4 - Startup: Folding@Home 5.03.lnk = C:\Program Files\Folding@Home\winfah.exe
O4 - Global Startup: VirtuaWin.lnk = C:\Program Files\VirtuaWin\VirtuaWin.exe
O8 - Extra context menu item: &Google Search - res://c:\winnt\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\winnt\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\winnt\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\winnt\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\winnt\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O23 - Service: dcfssvc (Dcfssvc) - Eastman Kodak Company - C:\WINNT\system32\DRIVERS\dcfssvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ptssvc - KODAK - C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Adapter\WLService.exe" "WMP54Gv4.exe (file missing)



--------------

so you see my problem is this entry: O4 - HKLM\..\Run: [emrmhs] C:\WINNT\system32\qscegsu.exe r

I can't seem to disable this even though I've thwarted nail.exe. The a^2 guard is preventing it from spawning the Best of the Net adware currently.
vanjulio
Active Member
 
Posts: 3
Joined: March 5th, 2006, 11:43 am
Location: Rhode Island

Post by SpotCheckBilly » March 5th, 2006, 10:36 pm

Hello vanjulio,

Welcome to the MWR forums. We are going to try and take care of everything in one go.

We need to Disable A-Squared Guard
- Open a-squared
- Click on "Configure Background-Guard"
- Deselect "Enable background guard on system startup"
- Close window
- Close a-squared
- Reboot your machine for the changes to take effect.

BEFORE BEGINNING, Please read completely through the instructions below and download the files from the links provided. You may want to save or print out these instructions for easier reference.

First, download Ewido Security Suite.

Next, download Lavasoft's Ad-Aware and the VX2 Cleaner Plug-in. Install Ad-Aware using the default options, then install vx2cleaner_inst.exe, taking all the defaults there as well.

Run Ad-Aware, update to the latest definitions, then click on Add-ons in the left-hand column. Select VX2 Cleaner V2.0 and click Run Tool. Click "OK", then, if something is found, click "Clean" as in the directions given. Click "Close", and exit Ad-Aware.

Reboot your PC and run Ad-Aware again. This time, click on the Start button in Ad-Aware, select "Perform smart system scan" and click Next. Once the scan finishes, click "Next" again. Select all objects found (right click anywhere in the list of found objects and click "Select All Objects"). Click "Next" one more time, then "OK" to confirm the removal.

You will be prompted to set Ad-Aware to run on reboot, click "OK". Exit Ad-Aware and restart your PC once again.

When Ad-Aware starts up, click on "Start", then "Next". Follow the steps above if anything is found, or click "Finish", then exit Ad-Aware.

For a final cleanup, please:
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck
    • "Install background guard"
    • "Install scan via context menu."
  • Launch ewido, there should be a big "E" icon on your desktop, double-click it.
  • The program will prompt you to update; click the "OK" button
  • The program will now go to the main screen

You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Click on Start
  • The update will start and a progress bar will show the updates being installed. After the updates are installed, exit ewido.

If you are having problems with the updater, you can use this link to manually update ewido.
Ewido manual updates

Once the updates are installed do the following:
  • Close all open windows/programs/folders. Have nothing else open while ewido performs its scan!
  • Click on scanner
  • Click on Settings
    • Under "How to scan" all boxes should be selected
    • Under "Possibly unwanted software" all boxes should be selected
    • Under "What to scan" select scan every file
    • Click OK
  • Click on Complete system scan
  • Let the program scan the machine
  • If ewido finds anything, it will pop up a notification. NOTE: We have been finding some cases of false positives with the new version of Ewido, so we need to step through the fixes one-by-one. If Ewido finds something that you KNOW is legitimate (for example, parts of AVG Antivirus, AOL, pcAnywhere and the game "Risk" have been flagged. In particular, watch for alerts that have the word "Heuristic" in them - if you recognize the file name as "friendly," these may actually be false positives) select "none" as the action. DO NOT check "Perform action with all infections." If you are unsure of an entry, select "none" for the time being. I'll see that in the log you will post later and let you know if ewido needs to be run again.

Once the scan has completed, there will be a button located on the bottom of the screen named Save report.
  • Click Save report
  • Save the report to your desktop
  • Exit ewido

Run HiJackThis and click "Scan", then check (tick) any of these that are left over (don't worry if you don't find some of these):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=

O2 - BHO: Band Class - {0007522A-2297-43C1-8EB1-C90B0FF20DA5} - C:\WINNT\enhtb.dll (file missing)
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINNT\dsr.dll (file missing)
O2 - BHO: BestOffers Shopping BHO - {F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} - C:\Program Files\TBONAS\TBONlchr.dll (file missing)

O3 - Toolbar: BestOffers Shopping v1.20 - {7FD44536-9DF0-4034-939F-5BD4D98E3187} - C:\Program Files\TBONAS\TBONlchr.dll (file missing)

O4 - HKLM\..\Run: [Dinst] C:\WINNT\dinst.exe
O4 - HKLM\..\Run: [emrmhs] C:\WINNT\system32\qscegsu.exe r
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)

O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone

With all windows closed except HiJackThis, click "Fix checked".

From "Safe Mode" (reboot if necessary), locate and delete the following item(s), if present. Make sure you're able to view system and hidden files/folders:

To show hidden files :

1. Click Start=>Control Panel=>Folder Options=>View tab.
2. Select "Show hidden files and folders"
3. Clear the check mark in "Hide protected operating system files"=>Yes to confirm.
4. Click Apply=>OK.
5. Close Control Panel.

folders...

C:\Program Files\AWS
C:\PROGRA~1\AWS

files...

C:\WINNT\dinst.exe
C:\WINNT\system32\qscegsu.exe

Note that some of these file(s) may not be present.

In your next reply, please include the following:
1. The report from the ewido scan.
2. A fresh HijackThis log.

SpotCheckBilly
SpotCheckBilly
MRU Master
 
Posts: 943
Joined: February 22nd, 2005, 5:14 am
Location: Twin Cities, MN
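
The "check any of these that are left over" step in the reply above can be done mechanically by comparing the fix list against a follow-up log. The Python below is an added example, not part of the original thread or of HijackThis: FIX_LIST is excerpted from the reply, FRESH_LOG is constructed for illustration, and the function names are hypothetical.

```python
import re

# A HijackThis entry line has the shape "<section code> - <details>".
# Section codes: R0-R3, F0-F3, N1-N4 and the numbered O sections (O1, O2, ...).
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.*\S)$")


def parse_entries(log_text):
    """Return (section_code, details) for every entry line in a log.

    Header lines and the "Running processes" list do not match and are skipped.
    """
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def normalize(entry):
    """Key used for comparison.

    Windows paths and registry key names are case-insensitive, and logs pasted
    into a forum often pick up extra spaces, so compare case-folded text with
    whitespace runs collapsed.
    """
    code, details = entry
    return code, re.sub(r"\s+", " ", details).casefold()


def check_fix_list(fix_list_text, fresh_log_text):
    """Split the fix list into entries still present in the fresh log and
    entries that are gone. Order follows the fix list."""
    still_there = {normalize(e) for e in parse_entries(fresh_log_text)}
    result = {"remaining": [], "cleared": []}
    for code, details in parse_entries(fix_list_text):
        bucket = "remaining" if normalize((code, details)) in still_there else "cleared"
        result[bucket].append(f"{code} - {details}")
    return result


# Excerpt of the fix list given in the reply above.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
O2 - BHO: Band Class - {0007522A-2297-43C1-8EB1-C90B0FF20DA5} - C:\WINNT\enhtb.dll (file missing)
O4 - HKLM\..\Run: [Dinst] C:\WINNT\dinst.exe
O4 - HKLM\..\Run: [emrmhs] C:\WINNT\system32\qscegsu.exe r
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
"""

# Constructed follow-up log (not the user's real one). The last entry differs
# from the fix list only in case and spacing, so it must still be reported.
FRESH_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cox.net
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\acrobat\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [emrmhs]  c:\winnt\system32\qscegsu.exe r
"""

if __name__ == "__main__":
    report = check_fix_list(FIX_LIST, FRESH_LOG)
    for label in ("remaining", "cleared"):
        print(f"{label} ({len(report[label])}):")
        for entry in report[label]:
            print("  " + entry)
```

An entry that reappears in a later log after "Fix checked" means something is still rewriting it, which is the situation the first post describes for the [emrmhs] Run value.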

Post by vanjulio » March 7th, 2006, 7:51 pm

ok I'm trying this now....

just one question. %PROGRAM FILES%/AWS is the directory for WeatherBug. I kinda like weatherbug.... but you suggest I remove it? I don't use weatherbug at work or even on my personal laptop.... (perhaps that's a reason I don't get these problems on those setups).

Thanks for your help and I'll post the things you requested soon.

-
vanjulio
Active Member
 
Posts: 3
Joined: March 5th, 2006, 11:43 am
Location: Rhode Island

Post by vanjulio » March 7th, 2006, 11:33 pm

vanjulio wrote: and I'll post the things you requested soon.

-


Ewido Report:


---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 9:45:44 PM, 3/7/2006
+ Report-Checksum: D0E3BBA2

+ Scan result:

D:\zip installs\vnc-3_3_3r7_x86_win32.zip/vnc_x86_win32/vncviewer/vncviewer.exe -> Not-A-Virus.RemoteAdmin.Win32.WinVNC.333 : Ignored
HKLM\SOFTWARE\Classes\CLSID\{3D782BB3-F2A5-11D3-BF4C-000000000000} -> Adware.ActivShopper : Cleaned without backup
HKLM\SOFTWARE\Classes\CLSID\{7FD44536-9DF0-4034-939F-5BD4D98E3187} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{7FD44536-9DF0-4034-939F-5BD4D98E3187} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bsto-1 -> Adware.BetterInternet : Cleaned with backup
C:\WINNT\enhuninstall.exe -> Adware.NoName : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\ceres.cab/ceres.dll -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\ceres.cab/spike.exe -> Hijacker.Agent.fi : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\mynut2.exe/enhupdt.exe -> Downloader.Intexp.c : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\_3a01516\enhupdt.exe -> Downloader.Intexp.c : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\CHEZINYZ\thnall4c[1].exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@ads.euniverseads[1].txt -> TrackingCookie.Euniverseads : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@cliks[3].txt -> TrackingCookie.Cliks : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@www.realcastmedia[2].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@bestoffersnetworks[2].txt -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@cliks[1].txt -> TrackingCookie.Cliks : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@ads.trafficvenue[1].txt -> TrackingCookie.Trafficvenue : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@yadro[2].txt -> TrackingCookie.Yadro : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@www.popuptraffic[2].txt -> TrackingCookie.Popuptraffic : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@www.web-stat[1].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@news.com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@cliks[2].txt -> TrackingCookie.Cliks : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@www.web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@yadro[1].txt -> TrackingCookie.Yadro : Cleaned without backup
C:\Documents and Settings\Administrator\Cookies\administrator@ads06.bpath[2].txt -> TrackingCookie.Bpath : Cleaned without backup
C:\Documents and Settings\Administrator\Cookies\administrator@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned without backup
C:\Documents and Settings\Administrator\Cookies\administrator@webstat[2].txt -> TrackingCookie.Web-stat : Cleaned without backup
C:\Documents and Settings\Administrator\Cookies\administrator@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned without backup
C:\Documents and Settings\Administrator\Cookies\administrator@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned without backup
C:\Documents and Settings\Administrator\Cookies\administrator@ads15.bpath[2].txt -> TrackingCookie.Bpath : Cleaned without backup
C:\Documents and Settings\Administrator\Cookies\administrator@ads15.bpath[1].txt -> TrackingCookie.Bpath : Cleaned without backup
C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned without backup
C:\Documents and Settings\Administrator\Cookies\administrator@coxhsi.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@master.mx-targeting[1].txt -> TrackingCookie.Mx-targeting : Cleaned without backup
C:\Documents and Settings\Administrator\Cookies\administrator@master.mx-targeting[2].txt -> TrackingCookie.Mx-targeting : Cleaned without backup
C:\Documents and Settings\Administrator\Cookies\administrator@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned without backup
C:\Documents and Settings\Administrator\Cookies\administrator@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned without backup
:mozilla.25:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned without backup
:mozilla.83:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned without backup
:mozilla.84:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.134:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.135:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.173:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup
:mozilla.175:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.186:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.187:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.188:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.189:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.190:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.194:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.195:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.204:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.205:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.206:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.207:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.208:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.213:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.214:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.215:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.223:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.229:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.255:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.256:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.257:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.258:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6aabyih0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup


::Report End

HIJACK THIS final log:

Logfile of HijackThis v1.99.1
Scan saved at 10:37:37 PM, on 3/7/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\DRIVERS\dcfssvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\Program Files\Linksys Wireless-G PCI Adapter\WLService.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Adapter\WMP54Gv4.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\WINNT\AGRSMMSG.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Creative\ShareDLL\MEDIADET.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cox.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\acrobat\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\winnt\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\winnt\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.1_03\bin\jusched.exe
O4 - Startup: Folding@Home 5.03.lnk = C:\Program Files\Folding@Home\winfah.exe
O4 - Global Startup: VirtuaWin.lnk = C:\Program Files\VirtuaWin\VirtuaWin.exe
O8 - Extra context menu item: &Google Search - res://c:\winnt\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\winnt\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\winnt\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\winnt\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\winnt\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O23 - Service: dcfssvc (Dcfssvc) - Eastman Kodak Company - C:\WINNT\system32\DRIVERS\dcfssvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ptssvc - KODAK - C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Adapter\WLService.exe" "WMP54Gv4.exe (file missing)
vanjulio
Active Member
 
Posts: 3
Joined: March 5th, 2006, 11:43 am
Location: Rhode Island

Post by SpotCheckBilly » March 8th, 2006, 4:43 am

Hello vanjulio,

I notice that you do not seem to be running antivirus software. AV software is ABSOLUTELY ESSENTIAL in today's digital world. AVG makes an excellent FREE antivirus client, as do AntiVir and avast!. There are also many "pay-for" programs such as Norton, McAfee and NOD32. In addition to installing AV software, I also recommend that you install a firewall. See my signature below for links to two highly regarded free firewalls.

The good news is:

Congratulations! Your log looks clean - looks like we got everything in one go - good work!

Below is my standard "Final Cleanup" and "All Clean" speech. Included in it are tips on how to keep your computer from being reinfected. They are simple to set up and simple to maintain, and I HIGHLY recommend that you follow them. (I use every one.)

Download, install and run Cleanup! from Steven Gould, then:

1. Click "Cleanup!"

(wait for the program to finish scanning your system, and selecting files to be removed.)

2. Exit the program and reboot the computer, if necessary.

For more information about using Cleanup! see here.

If everything is running ok, let's do the final cleanup...

1. Run "Disk Cleanup" and allow it to remove everything it finds.

2. If you've downloaded MicroWorld AV (MWAV), run it again - but don't scan, just click "Clear Log" and exit the program.

Please skip this step 3. Go to www.trendmicro.com and click "Free Online Scan", then "Scan now, it's free!". Follow on-screen prompts.

4. Disable, then re-enable system restore; with a reboot in-between. Then immediately create a new system restore point manually.

Here are some tips to reduce the potential for spyware infection in the future. I strongly recommend installing the following applications:
  • Spywareblaster => SpywareBlaster will prevent spyware from being installed.
  • Spywareguard => SpywareGuard offers realtime protection from spyware installation attempts.
  • How to use Ad-Aware to remove Spyware => If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware => If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
To protect yourself further:
  • IE/Spyad => IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file => The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
  • Google Toolbar => Get the free Google toolbar to help stop pop up windows.
I also suggest that you delete your temporary files by deleting all files and folders that are in those folders (do not delete the temp folder itself), for example:
  • C:\WINDOWS\Temp\--->Everything After the \.
  • C:\Temp\--->Everything After the \.
  • C:\Documents and Settings\username\Local Settings\Temp\--->Everything After the \.
  • Repeat for all users.
Also delete your Temporary Internet Files:
  • Click Start=>Control Panel=>Internet options.
  • Under the General tab.
  • Click Delete Files button.
  • Place a check-mark in Delete all off-line content.
  • Click OK=>OK
  • Exit Control Panel
  • Repeat for all users.
Empty the recycle bin:
  • Right-click the Recycle Bin icon on your desktop.
  • Select "Empty Recycle Bin".
  • Repeat for all users.
Clear all cookies in Internet Explorer and Firefox.
Internet Explorer:
1. Click Start=>Control Panel=>Internet Options
2. In the General tab under Temporary Internet Files:
Click Delete Cookies=>OK=>OK
3. Exit Control Panel

Firefox:
1. In any Firefox window:
Click Tools=>Options=>Privacy icon=>Cookies tab.
2. Click Clear Cookies button=>OK

Note: You can also do the above steps using a program such as Cleanup! from Steven Gould or CCleaner. These steps should be done on a regular basis.

Also, please see: So how did I get infected in the first place?

If you are having any more problems, post back the description along with a fresh HijackThis log. :wave:

SpotCheckBilly
SpotCheckBilly
MRU Master
 
Posts: 943
Joined: February 22nd, 2005, 5:14 am
Location: Twin Cities, MN
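The HOSTS-file tip in the post above works because any name mapped to 127.0.0.1 never leaves the local machine. As an added example (not part of the original post or of the MVPS project), the following Python sketch audits a HOSTS file: it lists the names that are sinkholed and flags any name mapped to a non-loopback address, since such an entry overrides DNS and deserves a look. The sample file, its domains and the function names are constructed for illustration, and treating 0.0.0.0 as a sinkhole goes beyond the 127.0.0.1 case the post mentions.

```python
import ipaddress

# Constructed sample in HOSTS-file syntax; the domains are placeholders,
# not entries taken from the MVPS list.
SAMPLE_HOSTS = """\
# blocklist-style HOSTS file (constructed sample)
127.0.0.1   localhost
127.0.0.1   ads.example.com  # trailing comment
0.0.0.0     tracker.example.net banners.example.net
192.0.2.15  www.example.org
not-an-ip   broken.example.com
"""

def parse_hosts(text):
    """Return (entries, malformed): (ip, hostname) pairs and bad line numbers."""
    entries, malformed = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # comments run to end of line
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append(lineno)             # first field is not an address
            continue
        if len(fields) < 2:
            malformed.append(lineno)             # address with no hostname
            continue
        entries.extend((ip, name.lower().rstrip(".")) for name in fields[1:])
    return entries, malformed

def is_sinkhole(ip):
    """True for loopback (127.0.0.0/8, ::1) or the unspecified address 0.0.0.0."""
    return ip.is_loopback or ip.is_unspecified

def audit_hosts(text):
    """Split entries into blocked names and mappings that need manual review."""
    entries, malformed = parse_hosts(text)
    blocked = sorted({n for ip, n in entries if is_sinkhole(ip) and n != "localhost"})
    review = sorted((n, str(ip)) for ip, n in entries if not is_sinkhole(ip))
    return {"blocked": blocked, "review": review, "malformed_lines": malformed}

if __name__ == "__main__":
    for key, value in audit_hosts(SAMPLE_HOSTS).items():
        print(f"{key}: {value}")
```

On Windows 2000 the live file is at C:\WINNT\system32\drivers\etc\hosts; read it and pass its text to `audit_hosts`.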

Post by SpotCheckBilly » March 10th, 2006, 4:02 am

Hello vanjulio,

A bit of an update. It's OK if you want to keep weatherbug. It used to be considered undesirable because of ads. Go ahead and reinstall it if you like. :wave:

SpotCheckBilly
SpotCheckBilly
MRU Master
 
Posts: 943
Joined: February 22nd, 2005, 5:14 am
Location: Twin Cities, MN

Post by Nick-YF19 » March 18th, 2006, 6:21 am

Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.


You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.

Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. See Nellie2's blog here or post in our dedicated forum here
The infection you had was ......
Nick-YF19
Admin/Teacher Emeritus
 
Posts: 4036
Joined: May 17th, 2005, 12:42 am
Location: California