IE Browser hi-jacked by Syssecuritysite.net


Post by Pillo » July 22nd, 2006, 3:20 pm

Help with this problem would be appreciated. Tried everything - Spybot S&D, Ad-Aware, CWShredder, MSDefender, plus several free on-line checkers.

HiJackThis Log as follows:-

Logfile of HijackThis v1.99.1
Scan saved at 18:12:06, on 22/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Applications\Nero 6.6\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Desktop Wireless\mouse_2k.exe
C:\Program Files\Creative\Desktop Wireless\kb_2k.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Applications\CyberLink\PowerDVD 6.0\PDVDServ.exe
C:\Applications\Nero 6.6\InCD\InCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Applications\CloneCD\CloneCDTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Creative\MediaSource\CTCMS.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\Paul\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Applications\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\APPLIC~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {f7d40011-29bb-43eb-9c97-875ce89e9e36} - C:\WINDOWS\system32\hp100.tmp
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [CreativeMouse ] C:\Program Files\Creative\Desktop Wireless\mouse_2k.exe
O4 - HKLM\..\Run: [CreativeKeyboard ] C:\Program Files\Creative\Desktop Wireless\kb_2k.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [DVD43] C:\APPLIC~1\DVDREG~1\DVDRegionFree.exe /hidden
O4 - HKLM\..\Run: [RemoteControl] "C:\Applications\CyberLink\PowerDVD 6.0\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Applications\Nero 6.6\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Applications\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Applications\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [zSPGuard] c:\applications\spguard\spguard.exe /s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Applications\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\APPLIC~1\OFFICE~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\APPLIC~1\OFFICE~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe/ac ... acking.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... nt/wuweb_site.cab?1146441878685
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... ient/muweb_site.cab?1146442008912
O16 - DPF: {B495C654-5860-45D4-8EAA-5663B9393F33} (OVA Class) - http://go.microsoft.com/fwlink/?linkid=49480
O17 - HKLM\System\CCS\Services\Tcpip\..\{F35233AA-29E8-4FFD-9B56-43C0FB31B8D5}: NameServer = 212.74.114.129 212.74.112.67
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: cholecyst - {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - C:\WINDOWS\system32\mzoeut.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Applications\Nero 6.6\InCD\InCDsrv.exe


Thanks
Pillo
Active Member
Posts: 4
Joined: July 22nd, 2006, 1:26 pm

Post by random/random » July 22nd, 2006, 3:25 pm

Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

IMPORTANT: Do NOT run any other options until you are asked to do so!

Post back with the smitfraudfix log and a new HijackThis log
random/random
Developer
Posts: 7733
Joined: December 18th, 2005, 3:30 pm

Post by Pillo » July 22nd, 2006, 3:45 pm

Smitfraud Log:-

SmitFraudFix v2.74

Scan done at 20:39:18.98, 22/07/2006
Run from C:\Documents and Settings\Paul\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\hp???.tmp FOUND !
C:\WINDOWS\system32\hp????.tmp FOUND !
C:\WINDOWS\system32\ld???.tmp FOUND !
C:\WINDOWS\system32\ld????.tmp FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\regperf.exe FOUND !
C:\WINDOWS\system32\simpole.tlb FOUND !
C:\WINDOWS\system32\stdole3.tlb FOUND !
C:\WINDOWS\system32\1024\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Paul\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Paul\FAVORI~1

C:\DOCUME~1\Paul\FAVORI~1\Antivirus Test Online.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"cholecyst"="{ee2975b6-e8d5-405e-8448-8fe9590f6cfb}"


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Hijackthis Log (Done properly this time!):-

Logfile of HijackThis v1.99.1
Scan saved at 20:44:10, on 22/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Applications\Nero 6.6\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Desktop Wireless\mouse_2k.exe
C:\Program Files\Creative\Desktop Wireless\kb_2k.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Applications\CyberLink\PowerDVD 6.0\PDVDServ.exe
C:\Applications\Nero 6.6\InCD\InCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Applications\CloneCD\CloneCDTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Applications\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\APPLIC~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {f7d40011-29bb-43eb-9c97-875ce89e9e36} - C:\WINDOWS\system32\hp100.tmp
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [CreativeMouse ] C:\Program Files\Creative\Desktop Wireless\mouse_2k.exe
O4 - HKLM\..\Run: [CreativeKeyboard ] C:\Program Files\Creative\Desktop Wireless\kb_2k.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [DVD43] C:\APPLIC~1\DVDREG~1\DVDRegionFree.exe /hidden
O4 - HKLM\..\Run: [RemoteControl] "C:\Applications\CyberLink\PowerDVD 6.0\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Applications\Nero 6.6\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Applications\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Applications\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [zSPGuard] c:\applications\spguard\spguard.exe /s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Applications\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\APPLIC~1\OFFICE~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\APPLIC~1\OFFICE~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe/ac ... acking.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6441878685
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6442008912
O16 - DPF: {B495C654-5860-45D4-8EAA-5663B9393F33} (OVA Class) - http://go.microsoft.com/fwlink/?linkid=49480
O17 - HKLM\System\CCS\Services\Tcpip\..\{F35233AA-29E8-4FFD-9B56-43C0FB31B8D5}: NameServer = 212.74.114.129 212.74.112.67
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: cholecyst - {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - C:\WINDOWS\system32\mzoeut.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Applications\Nero 6.6\InCD\InCDsrv.exe
Pillo
Active Member
Posts: 4
Joined: July 22nd, 2006, 1:26 pm
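The two entries the helper works on in the logs above are the O2 BHO loaded from C:\WINDOWS\system32\hp100.tmp and the O21 SSODL entry "cholecyst" whose DLL is reported missing. As an added example (not code from this thread, from HijackThis or from SmitfraudFix), the Python script below parses HijackThis-style lines, flags those two patterns, and lists the O17 NameServer entry for manual review; the sample lines are copied from the log above, and the check for the system32\1024 folder is taken from the SmitfraudFix output.

```python
"""Triage helper for HijackThis v1.99 log lines (added example, not the thread's own code).

Heuristics, chosen to match the infection visible in the posted logs:
  * O2  - a BHO whose DLL is a *.tmp file (e.g. system32\hp100.tmp)
  * O21 - an SSODL entry whose DLL is reported "(file missing)" or is a *.tmp file
  * O17 - NameServer entries are listed for review only; the log alone does not
          say whether the DNS servers are legitimate.
Everything else (O4 Run keys, O16 DPF, O23 services, ...) is passed over; a human
still has to read the whole log.
"""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    section: str    # HijackThis section of the line, e.g. "O2", "O21", "O17"
    severity: str   # "high" for the evidence-based hits, "review" for items to check
    reason: str
    line: str


# Lines copied from the HijackThis log posted above (constructed sample input).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Applications\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {f7d40011-29bb-43eb-9c97-875ce89e9e36} - C:\WINDOWS\system32\hp100.tmp
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O17 - HKLM\System\CCS\Services\Tcpip\..\{F35233AA-29E8-4FFD-9B56-43C0FB31B8D5}: NameServer = 212.74.114.129 212.74.112.67
O21 - SSODL: cholecyst - {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - C:\WINDOWS\system32\mzoeut.dll (file missing)
"""

CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
SECTION_RE = re.compile(r"^(?P<section>[RFNO]\d+) - ")
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>" + CLSID + r") - (?P<path>.*)$")
SSODL_RE = re.compile(r"^O21 - SSODL: (?P<name>.*?) - (?P<clsid>" + CLSID + r") - (?P<path>.*)$")
DNS_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>.*)$")


def is_temp_dll(path: str) -> bool:
    """A COM object loaded from a .tmp file, or from the system32\1024 folder that
    SmitfraudFix reported, is not how legitimate software registers a BHO/SSODL."""
    p = path.strip().lower()
    return p.endswith(".tmp") or "\\system32\\1024\\" in p


def triage(log_text: str) -> list[Finding]:
    """Return the findings for every recognised line of a HijackThis log."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if not m:
            continue  # log header, "Running processes" block, blank lines
        section = m.group("section")
        if section == "O2":
            bho = BHO_RE.match(line)
            if bho and is_temp_dll(bho.group("path")):
                findings.append(Finding("O2", "high",
                                        "BHO loaded from a temp file: " + bho.group("path").strip(), line))
        elif section == "O21":
            ss = SSODL_RE.match(line)
            if ss:
                path = ss.group("path").strip()
                if path.lower().endswith("(file missing)") or is_temp_dll(path):
                    findings.append(Finding("O21", "high",
                                            "SSODL entry '%s' points to %s" % (ss.group("name"), path), line))
        elif section == "O17":
            dns = DNS_RE.match(line)
            if dns:
                servers = dns.group("servers").split()
                findings.append(Finding("O17", "review",
                                        "DNS servers set to: " + ", ".join(servers), line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("[%s] %s: %s" % (f.severity.upper(), f.section, f.reason))
```

Run against a full log the script leaves the Adobe, Java and AVG entries alone and reports only the three lines a helper would ask about.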

Post by random/random » July 22nd, 2006, 4:40 pm

Please print out or copy these instructions/tutorial to Notepad, as the internet will not be available to you at certain points of the removal process (while in Safe Mode). Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

Please download Ewido to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
  • Install Ewido by double clicking the installer.
  • Follow the prompts. Make sure that Launch Ewido is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update successful message.
  • Right-click the Ewido Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
Ewido manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that Ewido is closed before installing the update.
______________________________

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
______________________________

Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted: "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process; if your computer does not restart automatically, please do it yourself manually. Reboot in Safe Mode.

The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
______________________________

Navigate to C:\Windows\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

Navigate to C:\Documents and Settings\(EVERY LISTED USER)\Local Settings\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

Clean out your Temporary Internet files. Proceed like this:
  • Quit Internet Explorer and quit any instances of Windows Explorer.
  • Click Start, click Control Panel, and then double-click Internet Options.
  • On the General tab, click Delete Files under Temporary Internet Files.
  • In the Delete Files dialog box, tick the Delete all offline content check box, and then click OK.
  • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
  • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
  • Click OK.
Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.
______________________________

Close ALL open Windows / Programs / Folders. Please start Ewido, and run a full scan.
  • Click on Scanner
  • Click on the Settings tab.
    • Under How to act? click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan? all boxes should be selected.
    • Under Possibly unwanted software: all boxes should be checked.
    • Under Reports: click on Automatically generate report after every scan.
    • Under What to scan? select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When scan has finished, at bottom of the screen click Apply all Actions.
  • Click the Save Scan Report button.
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the Ewido Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.
______________________________

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #3 - Delete Trusted zone by typing 3 and press Enter.
Answer Yes to the question "Restore Trusted Zone ?" by typing Y and hit Enter.

Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.
______________________________

Please post:
  1. c:\rapport.txt
  2. Ewido log
  3. A new HijackThis log
You may need several replies to post the requested logs, otherwise they might get cut off.
random/random
Developer
Posts: 7733
Joined: December 18th, 2005, 3:30 pm

Post by Pillo » July 23rd, 2006, 2:54 pm

Rapport.txt log:-

SmitFraudFix v2.74

Scan done at 16:44:06.99, 23/07/2006
Run from C:\Documents and Settings\Paul\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End



Ewido Log:-

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 19:36:53 23/07/2006

+ Scan result:



HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta\{f7d40011-29bb-43eb-9c97-875ce89e9e36} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-117609710-706699826-1060284298-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F7D40011-29BB-43EB-9C97-875CE89E9E36} -> Adware.Generic : Cleaned with backup (quarantined).
C:\Documents and Settings\Paul\Desktop\Utilities\RockXP3.exe/RAS.exe -> Not-A-Virus.PSWTool.Win32.RAS.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Paul\Desktop\Utilities\RockXP3.exe/keyms.exe -> Not-A-Virus.PSWTool.Win32.RAS.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Paul\Desktop\Utilities\RockXP3.exe/xpkey.exe -> Not-A-Virus.PSWTool.Win32.RAS.a : Cleaned with backup (quarantined).
:mozilla.48:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
:mozilla.49:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
:mozilla.50:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
:mozilla.135:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.137:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.138:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.139:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.140:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.141:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.142:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.143:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.144:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.192:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.339:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.340:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.382:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.383:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.92:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\sf2o4gvu.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.93:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\sf2o4gvu.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.94:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\sf2o4gvu.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Brenda\Cookies\brenda@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.160:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.551:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.552:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.553:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.554:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.557:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.558:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.559:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.96:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\sf2o4gvu.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
:mozilla.96:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
:mozilla.97:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\sf2o4gvu.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
:mozilla.97:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
:mozilla.20:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\sf2o4gvu.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.21:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\sf2o4gvu.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.22:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\sf2o4gvu.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.23:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\sf2o4gvu.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.24:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\sf2o4gvu.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.33:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.34:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.35:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.36:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.100:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\sf2o4gvu.default\cookies.txt -> TrackingCookie.Adviva : Cleaned with backup (quarantined).
:mozilla.16:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\sf2o4gvu.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.38:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\Brenda\Cookies\brenda@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.60:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\sf2o4gvu.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.61:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\sf2o4gvu.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.82:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.236:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
:mozilla.237:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
:mozilla.238:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
:mozilla.239:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
:mozilla.240:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
:mozilla.241:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
:mozilla.242:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
:mozilla.243:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
:mozilla.201:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.37:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.9:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\sf2o4gvu.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.18:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\sf2o4gvu.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.18:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.19:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\sf2o4gvu.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.25:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\sf2o4gvu.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.26:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\sf2o4gvu.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.30:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\sf2o4gvu.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.31:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\sf2o4gvu.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.31:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.32:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\sf2o4gvu.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.33:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\sf2o4gvu.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.34:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\sf2o4gvu.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.35:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\sf2o4gvu.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.36:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\sf2o4gvu.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.43:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\sf2o4gvu.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.44:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\sf2o4gvu.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.45:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\sf2o4gvu.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.46:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\sf2o4gvu.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.47:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\sf2o4gvu.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.71:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.72:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.73:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.74:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.76:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
:mozilla.129:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.130:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.131:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.132:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.133:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.179:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.53:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.54:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.55:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.56:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.65:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\sf2o4gvu.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.51:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\sf2o4gvu.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.51:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.61:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.63:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.644:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).
:mozilla.318:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned with backup (quarantined).
:mozilla.582:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.583:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.584:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.541:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned with backup (quarantined).
:mozilla.20:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
:mozilla.21:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
:mozilla.28:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\sf2o4gvu.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
:mozilla.48:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\sf2o4gvu.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.49:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\sf2o4gvu.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.373:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.374:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.379:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.126:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.127:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.128:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.387:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
:mozilla.119:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.120:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.121:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.122:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.123:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.207:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.208:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.209:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.210:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.211:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.212:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.213:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.214:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.215:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.216:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.217:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.218:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.219:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.220:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.221:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.222:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.223:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.224:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.225:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.226:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.542:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.570:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.591:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.592:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.593:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.594:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.595:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.596:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.597:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.598:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).
:mozilla.158:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
:mozilla.159:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
:mozilla.425:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Spylog : Cleaned with backup (quarantined).
:mozilla.426:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.427:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.428:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.429:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.430:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.431:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.432:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.433:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.434:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.437:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.438:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.439:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.58:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\sf2o4gvu.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.59:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\sf2o4gvu.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.456:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
:mozilla.457:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
:mozilla.458:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
:mozilla.459:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
:mozilla.460:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
:mozilla.461:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
:mozilla.462:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.98:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\sf2o4gvu.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.513:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup (quarantined).
:mozilla.519:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.69:C:\Documents and Settings\Brenda\Application Data\Mozilla\Firefox\Profiles\sf2o4gvu.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.515:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.516:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.517:C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\7eliftr2.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).


::Report end

New HijackThis log:-

Logfile of HijackThis v1.99.1
Scan saved at 19:53:33, on 23/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Applications\Nero 6.6\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Applications\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Desktop Wireless\mouse_2k.exe
C:\Program Files\Creative\Desktop Wireless\kb_2k.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Applications\CyberLink\PowerDVD 6.0\PDVDServ.exe
C:\Applications\Nero 6.6\InCD\InCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Applications\CloneCD\CloneCDTray.exe
C:\Applications\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/index_first.html
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Applications\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\APPLIC~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [CreativeMouse ] C:\Program Files\Creative\Desktop Wireless\mouse_2k.exe
O4 - HKLM\..\Run: [CreativeKeyboard ] C:\Program Files\Creative\Desktop Wireless\kb_2k.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [DVD43] C:\APPLIC~1\DVDREG~1\DVDRegionFree.exe /hidden
O4 - HKLM\..\Run: [RemoteControl] "C:\Applications\CyberLink\PowerDVD 6.0\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Applications\Nero 6.6\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Applications\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Applications\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [zSPGuard] c:\applications\spguard\spguard.exe /s
O4 - HKLM\..\Run: [!ewido] "C:\Applications\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [updateMgr] "C:\Applications\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Applications\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\APPLIC~1\OFFICE~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\APPLIC~1\OFFICE~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe/ac ... acking.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6441878685
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6442008912
O16 - DPF: {B495C654-5860-45D4-8EAA-5663B9393F33} (OVA Class) - http://go.microsoft.com/fwlink/?linkid=49480
O17 - HKLM\System\CCS\Services\Tcpip\..\{F35233AA-29E8-4FFD-9B56-43C0FB31B8D5}: NameServer = 212.74.114.129 212.74.112.67
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Applications\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Applications\Nero 6.6\InCD\InCDsrv.exe
Pillo
Active Member
 
Posts: 4
Joined: July 22nd, 2006, 1:26 pm
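
The HijackThis log above is a line-oriented format that a helper reads section by section: R0 for the start page, O2 for browser helper objects, O4 for autorun entries, O17 for the DNS servers the TCP/IP stack is using, O23 for services. The following is an added example, not code from this thread or from HijackThis itself: a small Python triage helper that parses those line types into records and applies two checks a helper otherwise does by eye. It lists O4 Run entries whose program is named without an absolute path (such an entry is resolved through the search path at logon, so the file should be located and verified before it is trusted), and it extracts the O17 NameServer addresses so they can be compared with the ISP's published resolvers. The sample log is constructed from lines in the post above; all field and function names are this example's own.

```python
"""HijackThis v1.99.1 log triage helper.

Added example, not HijackThis code.  Field names (code, name, exe, ...) and
function names are this example's own choices.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/index_first.html
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\APPLIC~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F35233AA-29E8-4FFD-9B56-43C0FB31B8D5}: NameServer = 212.74.114.129 212.74.112.67
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
"""

# Every HijackThis finding starts with a section code such as R0, O4 or O23.
_CODE = re.compile(r"^([RFNO]\d{1,2}) - ")

# One pattern per line type handled here; other codes are kept as raw text.
_PATTERNS = [
    re.compile(r"^R\d - (?P<key>.+?),(?P<name>.+?)\s*=\s*(?P<value>.*)$"),
    re.compile(r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$"),
    re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<command>.*)$"),
    re.compile(r"^O4 - Global Startup: (?P<name>.+?) = (?P<command>.*)$"),
    re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.*)$"),
    re.compile(r"^O23 - Service: (?P<name>.+?)(?: \((?P<short>[^)]+)\))? - (?P<vendor>.+?) - (?P<path>.*)$"),
]

# A quoted program, or an unquoted one ending at the first "name.ext" that
# closes a token, so unquoted paths containing spaces are kept whole.
_EXE = re.compile(r'^(?:"(?P<quoted>[^"]+)"|(?P<bare>.+?\.[A-Za-z0-9]{2,4}))(?=\s|$)')


def executable_of(command: str) -> str:
    """Return the program part of an O4 command line, without its arguments."""
    command = command.strip()
    m = _EXE.match(command)
    if not m:
        return command
    return m.group("quoted") or m.group("bare")


def has_absolute_path(exe: str) -> bool:
    """True for drive-letter (C:\\...) or UNC (\\\\server\\...) paths."""
    return re.match(r"^([A-Za-z]:\\|\\\\)", exe) is not None


def parse_hjt_log(text: str) -> List[Dict[str, str]]:
    """Turn HijackThis finding lines into records keyed by section code."""
    records: List[Dict[str, str]] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = _CODE.match(line)
        if not m:
            continue  # header, blank line or running-process path: no section code
        rec = {"code": m.group(1), "raw": line}
        for pat in _PATTERNS:
            hit = pat.match(line)
            if hit:
                rec.update({k: v.strip() for k, v in hit.groupdict().items() if v is not None})
                break
        if rec["code"] == "O4" and "command" in rec:
            rec["exe"] = executable_of(rec["command"])
        records.append(rec)
    return records


def autoruns_without_path(records: List[Dict[str, str]]) -> List[str]:
    """Names of O4 entries whose program is not given as an absolute path."""
    return [r["name"] for r in records
            if r["code"] == "O4" and "exe" in r and not has_absolute_path(r["exe"])]


def name_servers(records: List[Dict[str, str]]) -> List[str]:
    """DNS servers from O17 entries, in order of appearance."""
    servers: List[str] = []
    for r in records:
        if r["code"] == "O17" and "servers" in r:
            servers.extend(s for s in re.split(r"[\s,]+", r["servers"]) if s)
    return servers


def triage(text: str) -> Dict[str, object]:
    """Summarise a log: counts, autoruns to verify, DNS servers, services."""
    records = parse_hjt_log(text)
    services: List[Tuple[str, str]] = [
        (r.get("name", ""), r.get("path", "")) for r in records if r["code"] == "O23"
    ]
    return {
        "entries": len(records),
        "verify_autoruns": autoruns_without_path(records),
        "name_servers": name_servers(records),
        "services": services,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The `verify_autoruns` list is a place to look first, not a verdict: an entry named without a path is often a vendor utility installed into the system directory, and the check only says that the file should be found and its publisher confirmed. Likewise the O17 addresses are simply reported; whether they are the ISP's resolvers is something the helper confirms against the ISP's own documentation.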

Unread postby random/random » July 23rd, 2006, 4:36 pm

Go here and download and install JRE 5.0 Update 7. Click the link that says Download JRE 5.0 Update 7. You will then need to select Accept License Agreement and click the Continue button that is beside it. Then click the link that says Windows Offline Installation, Multi-language. Save it to your Desktop. Then go back to your Desktop and double click jre-1_5_0_07-windows-i586-p.exe to start the install. Once you have it installed, click Start>Run, type in appwiz.cpl and hit Enter. From the list, uninstall J2SE Runtime Environment 5.0 Update 6.

You now appear to be clean. Congratulations!

Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints, Malware Complaints; you do not have to be registered to post, just find your country room and register your complaint.
The infection you had was a smitfraud variant

Below are some steps to follow in order to dramatically lower the chances of reinfection
You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented
  1. Turn off System Restore.
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.

    Reboot.

    Turn ON System Restore.
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    UN-Check *Turn off System Restore*.
    Click Apply, and then click OK.
    NOTE: only do this ONCE, NOT on a regular basis
  2. Keep your antivirus up to date
  3. Use a firewall
    While the firewall built into windows XP will protect you from incoming attacks, it will not monitor outgoing connections
    It is therefore recommended that you install one of the following firewalls
    Sunbelt kerio personal firewall
    Zonealarm
  4. Keep windows up to date with the latest patches


    IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site to get the critical updates.

    If you are running Microsoft Office, or any portion thereof, go to the Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.
  5. Install spywareblaster
    Spyware blaster is a program that stops known malicious activex controls from installing on your computer. It works by changing settings in your registry. It makes kill bits in the registry, so that certain activex controls can't install.
    If you don't know what activex controls are, see here
    You can download SpywareBlaster here
    Make sure to update it on a regular basis
  6. Install IE-SPYAD
    Download and instructions located here
    Make sure to update it on a regular basis
  7. Use a HOSTS file
    • Every version of windows has a hosts file as part of it.
    • In a very basic sense, they are used to locate webpages.
    • We can customize a hosts file so that it blocks certain webpages.
    • However, it can slow down certain computers.
    • This is why using a hosts file is optional!!
    Download it here. Make sure you read the instructions on how to install the hosts file. There is a good tutorial here
    If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
    1. Click the start button (at the lower left hand corner of your screen)
    2. Click run
    3. In the dialog box, type services.msc
    4. hit enter, then locate dns client
    5. Highlight it, then double-click it.
    6. On the dropdown box, change the setting from automatic to manual.
    7. Click ok
  8. Install and use Ad-aware & Spybot search & destroy
    Instructions are located here
    Make sure to update them on a regular basis
  9. Most exploits are aimed at internet explorer, so I recommend you switch to an alternative browser
    Two good alternative browsers are
    Firefox
    Opera
    It is essential to update to the latest version of your browser, as the updates fix known security holes
  10. Even if you do decide to switch to another browser, it is still a good idea to lock down Internet explorer
    This can be done by following these simple instructions:
    From within Internet Explorer click on the Tools menu and then click on Options.
    Click once on the Security tab
    Click once on the Internet icon so it becomes highlighted.
    Click once on the Custom Level button.
    Change the Download signed ActiveX controls to Prompt
    Change the Download unsigned ActiveX controls to Disable
    Change the Initialize and script ActiveX controls not marked as safe to Disable
    Change the Installation of desktop items to Prompt
    Change the Launching programs and files in an IFRAME to Prompt
    Change the Navigate sub-frames across different domains to Prompt
    Change the allow paste operations via script to Disable
    When all these settings have been made, click on the OK button.
    If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.
  11. Clean out your temp files on a regular basis
    I use and recommend ATF Cleaner by Attribune
    To use it, follow these instructions
    • Double-click ATF-Cleaner.exe to run the program.
    • Click Main at the top and choose Select All from the list.
    • Click the Empty Selected button.
    If you use Firefox browser:
    • Click Firefox at the top and choose Select All from the list.
    • Click the Empty Selected button.
    • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser:
    • Click Opera at the top and choose Select All from the list.
    • Click the Empty Selected button.
    • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.
  12. Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date
random/random
Developer
 
Posts: 7733
Joined: December 18th, 2005, 3:30 pm
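Step 10 above hardens the Internet zone through the Internet Explorer dialog, and step 5 explains that SpywareBlaster works by setting kill bits. As an added example that is not from this thread, here is a Python audit that maps those seven dialog labels to the DWORD values IE stores for the Internet zone (zone 3) under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones, using the URLACTION value names documented in Microsoft KB 182569 (0 = Enable, 1 = Prompt, 3 = Disable), and reports any setting weaker than the post recommends. It also shows the Compatibility Flags kill bit (0x400) a control's entry carries when it is blocked. The registry is read only on Windows; elsewhere the constructed sample snapshot is audited instead.

```python
import sys

# IE keeps per-zone security settings as DWORD values under this key (zone 3
# is the Internet zone). Value names are URLACTION ids from Microsoft KB 182569;
# 0 = Enable, 1 = Prompt, 3 = Disable, so a higher value is a stricter setting.
ZONE_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
ENABLE, PROMPT, DISABLE = 0, 1, 3
SETTING_NAMES = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}

# The seven settings from the post, with the value the post recommends.
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
    "1607": ("Navigate sub-frames across different domains", PROMPT),
    "1407": ("Allow paste operations via script", DISABLE),
}

# Kill bits live under HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID};
# the Compatibility Flags DWORD has bit 0x400 set when the control is blocked.
KILL_BIT = 0x400

def killbit_set(compatibility_flags):
    """True if a control's Compatibility Flags value carries the kill bit."""
    return bool(compatibility_flags & KILL_BIT)

def audit_zone(current):
    """Compare a {value_name: dword} snapshot of zone 3 against RECOMMENDED.

    Returns (value_name, label, current, recommended) for every setting that
    is missing or more permissive than recommended. Missing values are reported
    because the effective setting then comes from the zone template and cannot
    be confirmed from this key alone."""
    weak = []
    for name, (label, rec) in RECOMMENDED.items():
        cur = current.get(name)
        if cur is None or cur < rec:
            weak.append((name, label, cur, rec))
    return weak

def read_zone_from_registry():
    """Windows only: read the seven values for the current user's Internet zone."""
    import winreg  # standard library, available only on Windows
    current = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, ZONE_KEY) as key:
        for name in RECOMMENDED:
            try:
                current[name], _ = winreg.QueryValueEx(key, name)
            except FileNotFoundError:
                pass  # value absent: audit_zone() reports it
    return current

def format_report(weak):
    """One human-readable line per weak setting."""
    lines = []
    for name, label, cur, rec in weak:
        shown = SETTING_NAMES.get(cur, "missing")
        lines.append(f"{name} {label}: {shown}, recommended {SETTING_NAMES[rec]}")
    return lines

# Constructed snapshot of a loosened zone: unsigned downloads and script paste
# are enabled and the sub-frame setting is absent.
WEAK_SAMPLE = {"1001": PROMPT, "1004": ENABLE, "1201": DISABLE,
               "1800": PROMPT, "1804": PROMPT, "1407": ENABLE}
# Snapshot that matches the post's recommendations exactly.
HARDENED_SAMPLE = {name: rec for name, (_, rec) in RECOMMENDED.items()}

if __name__ == "__main__":
    snapshot = read_zone_from_registry() if sys.platform == "win32" else WEAK_SAMPLE
    report = format_report(audit_zone(snapshot))
    for line in report or ["all seven settings are at or above the recommended level"]:
        print(line)
```

Reading the values rather than writing them keeps the script safe to run on a machine someone else administers; the dialog steps in the post remain the way to change them.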

Unread postby Pillo » July 23rd, 2006, 8:33 pm

I'm clean. Many thanks for your time and trouble.

Regards

Pillo
Pillo
Active Member
 
Posts: 4
Joined: July 22nd, 2006, 1:26 pm

Unread postby 'KotaGuy » July 30th, 2006, 10:35 pm

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada