panya

  1. Thank you very much. I will be more careful when downloading stuff on the internet.
  2. It is working well. Looks like all viruses are gone. However, I think my computer is quite slow when I turn it on; I will probably have to remove some programs. Thank you very much for your help to clean all the viruses.
  3. Hi, please can you help me to review the log file from HijackThis again. This time I didn't do it in safe mode. Do you want me to scan in safe mode as well?
  4. Hi jurgenv, I think my computer doesn't have a virus anymore. Thank you very much for all of your help.
  5. Hi jurgenv, DrWeb scanned for quite a long time. Please read the report from DrWeb here:
  6. Hi jurgenv, you replied so quickly. I am downloading DrWeb and I will post the report to you soon. Panya
  7. Log file from Ad-Aware SE
FileDescription : For linking to Thaisoft So Sethaputra Dictionary 2.0 InternalName : MagicLnk LegalCopyright : Copyright © 1997 OriginalFilename : MagicLnk.EXE #:25 [bluesoleil.exe] FilePath : C:\Program Files\IVT Corporation\BlueSoleil\ ProcessID : 1100 ThreadCreationTime : 7-8-2006 11:34:51 AM BasePriority : Normal FileVersion : 1, 6, 1, 4 ProductVersion : 1, 6, 1, 4 ProductName : BlueSoleil CompanyName : IVT Corporation FileDescription : Bluetooth Application InternalName : BlueSoleil LegalCopyright : Copyright © 2000-2004 LegalTrademarks : BlueSoleil OriginalFilename : BlueSol.exe #:26 [hpqtra08.exe] FilePath : C:\Program Files\HP\Digital Imaging\bin\ ProcessID : 1268 ThreadCreationTime : 7-8-2006 11:34:52 AM BasePriority : Normal FileVersion : 53.0.13.000 ProductVersion : 053.000.013.000 ProductName : hp digital imaging - hp all-in-one series CompanyName : Hewlett-Packard Co. FileDescription : HP Digital Imaging Monitor InternalName : HPQTRA00 LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2004 OriginalFilename : HPQTRA00.EXE Comments : HP Digital Imaging Monitor #:27 [btntservice.exe] FilePath : C:\Program Files\IVT Corporation\BlueSoleil\ ProcessID : 1296 ThreadCreationTime : 7-8-2006 11:34:52 AM BasePriority : Normal #:28 [answers.exe] FilePath : C:\Program Files\1-Click Answers\ ProcessID : 1436 ThreadCreationTime : 7-8-2006 11:34:55 AM BasePriority : Normal FileVersion : 1.1 (build 381) ProductVersion : 1.1 (build 381) ProductName : Answers CompanyName : Answers Corporation FileDescription : 1-Click Answers Client InternalName : 1-Click Answers Client LegalCopyright : Copyright ? Answers Corporation 1999-2006 OriginalFilename : Answers.exe #:29 [guard.exe] FilePath : C:\Program Files\ewido anti-spyware 4.0\ ProcessID : 1432 ThreadCreationTime : 7-8-2006 11:34:55 AM BasePriority : Normal FileVersion : 4, 0, 0, 172 ProductVersion : 4, 0, 0, 172 ProductName : ewido anti-spyware CompanyName : Anti-Malware Development a.s. 
FileDescription : ewido anti-spyware guard InternalName : ewido anti-spywareguard LegalCopyright : Copyright ? 2005 Anti-Malware Development a.s. OriginalFilename : guard.exe #:30 [inetinfo.exe] FilePath : C:\WINDOWS\system32\inetsrv\ ProcessID : 1516 ThreadCreationTime : 7-8-2006 11:35:02 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Internet Information Services CompanyName : Microsoft Corporation FileDescription : Internet Information Services InternalName : INETINFO.EXE LegalCopyright : ? Microsoft Corporation. All rights reserved. OriginalFilename : INETINFO.EXE #:31 [mcdetect.exe] FilePath : c:\program files\mcafee.com\agent\ ProcessID : 1588 ThreadCreationTime : 7-8-2006 11:35:04 AM BasePriority : Normal FileVersion : 6, 0, 0, 19 ProductVersion : 6, 0, 0, 0 ProductName : McAfee SecurityCenter CompanyName : McAfee, Inc FileDescription : McAfee WSC Integration Service InternalName : McDetect LegalCopyright : Copyright ? 2005 McAfee, Inc. OriginalFilename : McDetect.exe Comments : McAfee WSC Integration Service #:32 [mctskshd.exe] FilePath : c:\PROGRA~1\mcafee.com\agent\ ProcessID : 1580 ThreadCreationTime : 7-8-2006 11:35:05 AM BasePriority : Normal FileVersion : 6, 0, 0, 13 ProductVersion : 6, 0, 0, 0 ProductName : McAfee SecurityCenter CompanyName : McAfee, Inc FileDescription : McAfee Task Scheduler InternalName : McTskshd LegalCopyright : Copyright ? 2005 McAfee, Inc. OriginalFilename : McTskshd.exe #:33 [agtserv.exe] FilePath : C:\Program Files\1-Click Answers\ ProcessID : 1680 ThreadCreationTime : 7-8-2006 11:35:06 AM BasePriority : Normal FileVersion : 7.1 (build 381) ProductVersion : 7.1 (build 381) ProductName : ScreenScraper SDK CompanyName : Answers Corporation FileDescription : AgtServ main executable InternalName : AgtServ LegalCopyright : Copyright ? 
Answers Corporation 1999-2006 OriginalFilename : AgtServ.exe #:34 [mcvsrte.exe] FilePath : c:\PROGRA~1\mcafee.com\vso\ ProcessID : 1708 ThreadCreationTime : 7-8-2006 11:35:07 AM BasePriority : Normal FileVersion : 8, 0, 0, 12 ProductVersion : 8, 0, 0, 0 ProductName : McAfee VirusScan CompanyName : Networks Associates Technology, Inc FileDescription : McAfee VirusScan Real-time Engine InternalName : mcvsrte LegalCopyright : Copyright ? 1998-2003 Networks Associates Technology, Inc OriginalFilename : mcvsrte.exe Comments : McAfee VirusScan Real-time Engine #:35 [mdm.exe] FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\ ProcessID : 1860 ThreadCreationTime : 7-8-2006 11:35:16 AM BasePriority : Normal FileVersion : 7.00.9466 ProductVersion : 7.00.9466 ProductName : Microsoft? Visual Studio .NET CompanyName : Microsoft Corporation FileDescription : Machine Debug Manager InternalName : mdm.exe LegalCopyright : ? Microsoft Corporation. All rights reserved. OriginalFilename : mdm.exe #:36 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 260 ThreadCreationTime : 7-8-2006 11:35:31 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft? Windows? Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : ? Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:37 [hpqste08.exe] FilePath : C:\Program Files\HP\Digital Imaging\bin\ ProcessID : 412 ThreadCreationTime : 7-8-2006 11:35:33 AM BasePriority : Normal FileVersion : 53.0.13.000 ProductVersion : 053.000.013.000 ProductName : hp digital imaging - hp all-in-one series CompanyName : Hewlett-Packard Co. FileDescription : HP CUE Status InternalName : HPQSTS00 LegalCopyright : Copyright © Hewlett-Packard Co. 
1995-2004 OriginalFilename : HPQSTS00.EXE Comments : HP CUE Status #:38 [iexplore.exe] FilePath : C:\Program Files\Internet Explorer\ ProcessID : 772 ThreadCreationTime : 7-8-2006 11:35:38 AM BasePriority : Normal FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 6.00.2900.2180 ProductName : Microsoft? Windows? Operating System CompanyName : Microsoft Corporation FileDescription : Internet Explorer InternalName : iexplore LegalCopyright : ? Microsoft Corporation. All rights reserved. OriginalFilename : IEXPLORE.EXE #:39 [hprblog.exe] FilePath : C:\Program Files\HP\Digital Imaging\Product Assistant\bin\ ProcessID : 1844 ThreadCreationTime : 7-8-2006 11:35:57 AM BasePriority : Normal FileVersion : 53.0.13.000 ProductVersion : 053.000.013.000 ProductName : hp digital imaging - hp all-in-one series CompanyName : Hewlett-Packard Co. FileDescription : Hewlett-Packard Product Assistant InternalName : HPRBLOG LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2004 OriginalFilename : HPRBLOG.EXE Comments : Hewlett-Packard Product Assistant #:40 [fxssvc.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 2092 ThreadCreationTime : 7-8-2006 11:36:01 AM BasePriority : Normal FileVersion : 5.2.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.2.2600.2180 ProductName : Microsoft? Windows? Operating System CompanyName : Microsoft Corporation FileDescription : Fax Service InternalName : FXSSVC.EXE LegalCopyright : ? Microsoft Corporation. All rights reserved. OriginalFilename : FXSSVC.EXE #:41 [wuauclt.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 3000 ThreadCreationTime : 7-8-2006 11:38:10 AM BasePriority : Normal FileVersion : 5.8.0.2469 built by: lab01_n(wmbla) ProductVersion : 5.8.0.2469 ProductName : Microsoft? Windows? Operating System CompanyName : Microsoft Corporation FileDescription : Automatic Updates InternalName : wuauclt.exe LegalCopyright : ? Microsoft Corporation. All rights reserved. 
OriginalFilename : wuauclt.exe #:42 [mcshield.exe] FilePath : c:\PROGRA~1\mcafee.com\vso\ ProcessID : 3236 ThreadCreationTime : 7-8-2006 11:38:20 AM BasePriority : High #:43 [alg.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 3772 ThreadCreationTime : 7-8-2006 11:39:53 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft? Windows? Operating System CompanyName : Microsoft Corporation FileDescription : Application Layer Gateway Service InternalName : ALG.exe LegalCopyright : ? Microsoft Corporation. All rights reserved. OriginalFilename : ALG.exe #:44 [iexplore.exe] FilePath : C:\Program Files\Internet Explorer\ ProcessID : 3816 ThreadCreationTime : 7-8-2006 11:40:00 AM BasePriority : Normal FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 6.00.2900.2180 ProductName : Microsoft? Windows? Operating System CompanyName : Microsoft Corporation FileDescription : Internet Explorer InternalName : iexplore LegalCopyright : ? Microsoft Corporation. All rights reserved. OriginalFilename : IEXPLORE.EXE #:45 [regsvr32.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 3192 ThreadCreationTime : 7-8-2006 11:41:11 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft? Windows? Operating System CompanyName : Microsoft Corporation FileDescription : Microsoft© Register Server InternalName : REGSVR32 LegalCopyright : ? Microsoft Corporation. All rights reserved. OriginalFilename : REGSVR32.EXE #:46 [notepad.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 4028 ThreadCreationTime : 7-8-2006 11:42:03 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft? Windows? Operating System CompanyName : Microsoft Corporation FileDescription : Notepad InternalName : Notepad LegalCopyright : ? Microsoft Corporation. All rights reserved. 
OriginalFilename : NOTEPAD.EXE #:47 [ad-aware.exe] FilePath : C:\PROGRA~1\LAVASOFT\AD-AWA~1\ ProcessID : 1612 ThreadCreationTime : 7-8-2006 12:00:54 PM BasePriority : Normal FileVersion : 6.2.0.236 ProductVersion : SE 106 ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright ? Lavasoft AB Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved #:48 [regsvr32.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1104 ThreadCreationTime : 7-8-2006 12:01:56 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft? Windows? Operating System CompanyName : Microsoft Corporation FileDescription : Microsoft© Register Server InternalName : REGSVR32 LegalCopyright : ? Microsoft Corporation. All rights reserved. OriginalFilename : REGSVR32.EXE #:49 [regsvr32.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 3164 ThreadCreationTime : 7-8-2006 12:22:48 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft? Windows? Operating System CompanyName : Microsoft Corporation FileDescription : Microsoft© Register Server InternalName : REGSVR32 LegalCopyright : ? Microsoft Corporation. All rights reserved. OriginalFilename : REGSVR32.EXE #:50 [msnmsgr.exe] FilePath : C:\Program Files\MSN Messenger\ ProcessID : 3828 ThreadCreationTime : 7-8-2006 12:23:39 PM BasePriority : Normal FileVersion : 8.0.0792.00 ProductVersion : 8.0.0792 ProductName : Messenger CompanyName : Microsoft Corporation FileDescription : Messenger InternalName : msnmsgr.exe LegalCopyright : Copyright © Microsoft Corporation. All rights reserved. 
OriginalFilename : msnmsgr.exe #:51 [mcvsftsn.exe] FilePath : c:\progra~1\mcafee.com\vso\ ProcessID : 3564 ThreadCreationTime : 7-8-2006 12:24:03 PM BasePriority : Normal FileVersion : 8, 0, 0, 20 ProductVersion : 8, 0, 0, 0 ProductName : McAfee VirusScan CompanyName : Networks Associates Technology, Inc FileDescription : McAfee VirusScan Instant Messenger Scan Module InternalName : mcvsftsn LegalCopyright : Copyright ? 1998-2003 Networks Associates Technology, Inc OriginalFilename : mcvsftsn.EXE Comments : McAfee VirusScan Instant Messenger Scan Module #:52 [msmsgs.exe] FilePath : C:\Program Files\Messenger\ ProcessID : 3724 ThreadCreationTime : 7-8-2006 12:24:12 PM BasePriority : Normal FileVersion : 4.7.3001 ProductVersion : Version 4.7.3001 ProductName : Messenger CompanyName : Microsoft Corporation FileDescription : Windows Messenger InternalName : msmsgs LegalCopyright : Copyright © Microsoft Corporation 2004 LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries. OriginalFilename : msmsgs.exe Memory scan result: ปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปป New critical objects: 0 Objects found so far: 0 Started registry scan ปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปป Registry Scan result: ปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปป New critical objects: 0 Objects found so far: 0 Started deep registry scan ปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปป Deep registry scan result: ปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปป New critical objects: 0 Objects found so far: 0 Started Tracking Cookie scan ปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปป Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:1 Value : Cookie:[email protected]/ Expires : 7-9-2006 7:34:56 PM LastSync : Hits:1 UseCount : 0 Hits : 1 Tracking cookie scan result: ปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปป New critical objects: 1 Objects found so far: 1 Deep scanning and examining files... 
ปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปป Disk Scan Result for C:\WINDOWS ปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปป New critical objects: 0 Objects found so far: 1 Disk Scan Result for C:\WINDOWS\system32 ปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปป New critical objects: 0 Objects found so far: 1 Disk Scan Result for C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ ปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปป New critical objects: 0 Objects found so far: 1 Scanning Hosts file...... Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts". ปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปป Hosts file scan result: ปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปปป 1 entries scanned. New critical objects:0 Objects found so far: 1 MRU List Object Recognized! Location: : C:\Documents and Settings\Administrator\Application Data\microsoft\office\recent Description : list of recently opened documents using microsoft office MRU List Object Recognized! Location: : C:\Documents and Settings\Administrator\recent Description : list of recently opened documents MRU List Object Recognized! Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\adobe\acrobat reader\5.0\avgeneral\crecentfiles Description : list of recently used files in adobe reader MRU List Object Recognized! Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\ahead\nero - burning rom\recent file list Description : list of recently used files in nero burning rom MRU List Object Recognized! Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\google\navclient\1.1\history Description : list of recently used search terms in the google toolbar MRU List Object Recognized! Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct3d MRU List Object Recognized! 
Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct3d MRU List Object Recognized! Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct X MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct X MRU List Object Recognized! Location: : software\microsoft\directdraw\mostrecentapplication Description : most recent application to use microsoft directdraw MRU List Object Recognized! Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\directinput\mostrecentapplication Description : most recent application to use microsoft directinput MRU List Object Recognized! Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\directinput\mostrecentapplication Description : most recent application to use microsoft directinput MRU List Object Recognized! Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\frontpage Description : default save location in microsoft frontpage MRU List Object Recognized! Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\frontpage\editor Description : default add image directory for microsoft frontpage MRU List Object Recognized! Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\frontpage\editor\recent templates Description : list of recently used templates in microsoft publisher MRU List Object Recognized! Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\frontpage\explorer\frontpage explorer\recent file list Description : list of recently used files in microsoft frontpage MRU List Object Recognized! 
Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\frontpage\explorer\frontpage explorer\recent page list Description : list of recently used pages in microsoft frontpage MRU List Object Recognized! Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\frontpage\explorer\frontpage explorer\recent web list Description : list of recently used webs in microsoft frontpage MRU List Object Recognized! Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\frontpage\explorer\frontpage explorer\recently created servers Description : list of recently created servers in microsoft frontpage MRU List Object Recognized! Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\internet explorer Description : last download directory used in microsoft internet explorer MRU List Object Recognized! Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\internet explorer\typedurls Description : list of recently entered addresses in microsoft internet explorer MRU List Object Recognized! Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\mediaplayer\player\recentfilelist Description : list of recently used files in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\mediaplayer\player\settings Description : last save as directory used in jasc paint shop pro MRU List Object Recognized! Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\mediaplayer\player\settings Description : last open directory used in jasc paint shop pro MRU List Object Recognized! Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\mediaplayer\preferences Description : last playlist index loaded in microsoft windows media player MRU List Object Recognized! 
Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\mediaplayer\preferences Description : last playlist loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\microsoft management console\recent file list Description : list of recent snap-ins used in the microsoft management console MRU List Object Recognized! Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\office\10.0\common\general Description : list of recently used symbols in microsoft office MRU List Object Recognized! Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\office\10.0\excel\recent files Description : list of recent files used by microsoft excel MRU List Object Recognized! Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\office\11.0\access\settings Description : list of recently opened documents in microsoft access MRU List Object Recognized! Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\office\11.0\common\general Description : list of recently used symbols in microsoft office MRU List Object Recognized! Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\office\11.0\common\open find\microsoft office powerpoint\settings\insert picture\file name mru Description : list of recent pictured inserted in microsoft powerpoint MRU List Object Recognized! Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\office\11.0\common\open find\microsoft office powerpoint\settings\save as\file name mru Description : list of recent documents saved by microsoft powerpoint MRU List Object Recognized! 
Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\office\11.0\common\open find\microsoft office word\settings\new from existing document\file name mru Description : list of "new from existing document" files used by microsoft word MRU List Object Recognized! Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\office\11.0\common\open find\microsoft office word\settings\open\file name mru Description : list of recent documents opened by microsoft word MRU List Object Recognized! Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\office\11.0\common\open find\microsoft office word\settings\save as\file name mru Description : list of recent documents saved by microsoft word MRU List Object Recognized! Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\office\11.0\powerpoint\recent file list Description : list of recent files used by microsoft powerpoint MRU List Object Recognized! Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\office\11.0\powerpoint\recent templates Description : list of recent templates used by microsoft powerpoint MRU List Object Recognized! Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\office\11.0\powerpoint\recent typeface list Description : list of recently used typefaces in microsoft powerpoint MRU List Object Recognized! Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\office\11.0\powerpoint\recentfolderlist Description : list of recent folders used by microsoft powerpoint MRU List Object Recognized! Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\office\11.0\powerpoint\recenttemplatelist Description : list of recent templates used by microsoft powerpoint MRU List Object Recognized! 
Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\office\11.0\word\recent templates Description : list of recent templates used by microsoft word MRU List Object Recognized! Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\search assistant\acmru Description : list of recent search terms used with the search assistant MRU List Object Recognized! Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru Description : list of recent programs opened MRU List Object Recognized! Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru Description : list of recently saved files, stored according to file extension MRU List Object Recognized! Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\windows\currentversion\explorer\recentdocs Description : list of recent documents opened MRU List Object Recognized! Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\windows\currentversion\explorer\runmru Description : mru list for items opened in start | run MRU List Object Recognized! Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\nico mak computing\winzip\filemenu Description : winzip recently used archives MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! 
Location: : S-1-5-21-1614895754-1770027372-1801674531-500\software\winrar\dialogedithistory\extrpath Description : winrar "extract-to" history Performing conditional scans... Conditional scan result: New critical objects: 0 Objects found so far: 53 7:46:26 PM Scan Complete Summary Of This Scan Total scanning time:00:08:03.672 Objects scanned:83929 Objects identified:1 Objects ignored:0 New critical objects:1
  8. Hi jurgenv, when I turn on the computer it shows me the report from ewido below. ---------------------------------- <?xml version="1.0" encoding="UTF-16"?> <DATABASE> <EXE NAME="ewido.exe" FILTER="GRABMI_FILTER_PRIVACY"> <MATCHING_FILE NAME="engine.dll" SIZE="466944" CHECKSUM="0xAE059C4C" BIN_FILE_VERSION="4.0.0.172" BIN_PRODUCT_VERSION="4.0.0.172" PRODUCT_VERSION="4, 0, 0, 172" FILE_DESCRIPTION="scan engine" COMPANY_NAME="Anti-Malware Development a.s." PRODUCT_NAME="ewido anti-spyware" FILE_VERSION="4, 0, 0, 172" ORIGINAL_FILENAME="engine.dll" INTERNAL_NAME="engine" LEGAL_COPYRIGHT="Copyright © 2005 Anti-Malware Development a.s." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="4.0.0.172" UPTO_BIN_PRODUCT_VERSION="4.0.0.172" LINK_DATE="06/16/2006 14:38:27" UPTO_LINK_DATE="06/16/2006 14:38:27" VER_LANGUAGE="German (Germany) [0x407]" /> <MATCHING_FILE NAME="ewido.exe" SIZE="6283264" CHECKSUM="0x98B9BB10" BIN_FILE_VERSION="4.0.0.172" BIN_PRODUCT_VERSION="4.0.0.172" PRODUCT_VERSION="4, 0, 0, 172" FILE_DESCRIPTION="ewido anti-spyware" COMPANY_NAME="Anti-Malware Development a.s." PRODUCT_NAME="ewido anti-spyware" FILE_VERSION="4, 0, 0, 172" ORIGINAL_FILENAME="ewido.exe" INTERNAL_NAME="ewido anti-spyware" LEGAL_COPYRIGHT="Copyright © 2005 Anti-Malware Development a.s." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="4.0.0.172" UPTO_BIN_PRODUCT_VERSION="4.0.0.172" LINK_DATE="06/16/2006 14:39:05" UPTO_LINK_DATE="06/16/2006 14:39:05" VER_LANGUAGE="German (Germany) [0x407]" /> <MATCHING_FILE NAME="guard.exe" SIZE="172032" CHECKSUM="0x822112CE" BIN_FILE_VERSION="4.0.0.172" BIN_PRODUCT_VERSION="4.0.0.172" PRODUCT_VERSION="4, 0, 0, 172" FILE_DESCRIPTION="ewido anti-spyware guard" COMPANY_NAME="Anti-Malware Development a.s." 
PRODUCT_NAME="ewido anti-spyware" FILE_VERSION="4, 0, 0, 172" ORIGINAL_FILENAME="guard.exe" INTERNAL_NAME="ewido anti-spywareguard" LEGAL_COPYRIGHT="Copyright © 2005 Anti-Malware Development a.s." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="4.0.0.172" UPTO_BIN_PRODUCT_VERSION="4.0.0.172" LINK_DATE="06/16/2006 14:38:41" UPTO_LINK_DATE="06/16/2006 14:38:41" VER_LANGUAGE="German (Germany) [0x407]" /> <MATCHING_FILE NAME="context.dll" SIZE="94208" CHECKSUM="0x63DFF67A" BIN_FILE_VERSION="4.0.0.172" BIN_PRODUCT_VERSION="4.0.0.172" PRODUCT_VERSION="4, 0, 0, 172" FILE_DESCRIPTION="Context-Menu (Shell Extension)" COMPANY_NAME="Anti-Malware Development a.s." PRODUCT_NAME="ewido anti-spyware" FILE_VERSION="4, 0, 0, 172" ORIGINAL_FILENAME="Context.dll" INTERNAL_NAME="Context.dll" LEGAL_COPYRIGHT="Copyright © 2005 Anti-Malware Development a.s." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="4.0.0.172" UPTO_BIN_PRODUCT_VERSION="4.0.0.172" LINK_DATE="06/16/2006 14:38:36" UPTO_LINK_DATE="06/16/2006 14:38:36" VER_LANGUAGE="German (Germany) [0x407]" /> <MATCHING_FILE NAME="shellexecutehook.dll" SIZE="73728" CHECKSUM="0x29DDA66A" BIN_FILE_VERSION="4.0.0.172" BIN_PRODUCT_VERSION="4.0.0.172" PRODUCT_VERSION="4, 0, 0, 172" FILE_DESCRIPTION="ewido anti-spyware guard" COMPANY_NAME="Anti-Malware Development a.s." PRODUCT_NAME="ewido anti-spyware" FILE_VERSION="4, 0, 0, 172" ORIGINAL_FILENAME="shellexecutehook.dll" INTERNAL_NAME="shellexecutehook.dll" LEGAL_COPYRIGHT="Copyright © 2005 Anti-Malware Development a.s." 
VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="4.0.0.172" UPTO_BIN_PRODUCT_VERSION="4.0.0.172" LINK_DATE="06/16/2006 14:38:48" UPTO_LINK_DATE="06/16/2006 14:38:48" VER_LANGUAGE="German (Germany) [0x407]" /> <MATCHING_FILE NAME="help.dll" SIZE="4096" CHECKSUM="0x5824656E" /> <MATCHING_FILE NAME="Uninstall.exe" SIZE="110669" CHECKSUM="0x8D494C73" MODULE_TYPE="WIN32" PE_CHECKSUM="0x8109FB" LINKER_VERSION="0x0" LINK_DATE="03/04/2006 17:05:36" UPTO_LINK_DATE="03/04/2006 17:05:36" /> </EXE> <EXE NAME="kernel32.dll" FILTER="GRABMI_FILTER_THISFILEONLY"> <MATCHING_FILE NAME="kernel32.dll" SIZE="983552" CHECKSUM="0x4CE79457" BIN_FILE_VERSION="5.1.2600.2180" BIN_PRODUCT_VERSION="5.1.2600.2180" PRODUCT_VERSION="5.1.2600.2180" FILE_DESCRIPTION="Windows NT BASE API Client DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" ORIGINAL_FILENAME="kernel32" INTERNAL_NAME="kernel32" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." 
VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xFF848" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.2180" UPTO_BIN_PRODUCT_VERSION="5.1.2600.2180" LINK_DATE="08/04/2004 07:56:36" UPTO_LINK_DATE="08/04/2004 07:56:36" VER_LANGUAGE="English (United States) [0x409]" /> </EXE> </DATABASE> -------------------------------------------------- Latest report from HijackThis: Logfile of HijackThis v1.99.1 Scan saved at 6:57:01 PM, on 7/8/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\system32\ctfmon.exe C:\DOCUME~1\ADMINI~1\APPLIC~1\ICROSO~1.NET\ping.exe C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe C:\Program Files\Dict95\bin\MagicLnk.exe C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\Program Files\1-Click Answers\answers.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\Program Files\1-Click Answers\agtserv.exe c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe 
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
     C:\Program Files\Internet Explorer\IEXPLORE.EXE
     C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
     C:\WINDOWS\system32\fxssvc.exe
     C:\WINDOWS\system32\wuauclt.exe
     c:\PROGRA~1\mcafee.com\vso\mcshield.exe
     C:\Program Files\Internet Explorer\IEXPLORE.EXE
     C:\WINDOWS\system32\regsvr32.exe
     C:\WINDOWS\system32\notepad.exe
     C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

     O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
     O2 - BHO: WsftpBrowserHelper Class - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2K0.dll
     O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
     O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
     O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
     O3 - Toolbar: 1-Click Answers - {7754C418-F62E-44aa-B169-E719E718BCFD} - C:\PROGRA~1\1-CLIC~1\IEToolbar\AnswersToolbarU.dll
     O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
     O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
     O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
     O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
     O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
     O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
     O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
     O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
     O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
     O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
     O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
     O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
     O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
     O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
     O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
     O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
     O4 - HKCU\..\Run: [internetCalls] "C:\Program Files\InternetCalls.com\InternetCalls\InternetCalls.exe" -nosplash -minimized
     O4 - HKCU\..\Run: [Ouoe] "C:\DOCUME~1\ADMINI~1\APPLIC~1\ICROSO~1.NET\ping.exe" -vt yax
     O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
     O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
     O4 - Global Startup: Magic Linker.lnk = C:\Program Files\Dict95\bin\MagicLnk.exe
     O4 - Global Startup: BlueSoleil.lnk = ?
     O4 - Global Startup: HP Digital Imaging Monitor.lnk = ?
     O4 - Global Startup: 1-Click Answers.lnk = ?
     O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
     O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
     O8 - Extra context menu item: Answers... - file:C:\Program Files\1-Click Answers\Html\atiemenu.htm
     O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
     O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
     O8 - Extra context menu item: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pagea...en/preview.html
     O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
     O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
     O8 - Extra context menu item: ส่&งออกไปยัง Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
     O15 - Trusted Zone: http://www.phuketgazette.net
     O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
     O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
     O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
     O20 - Winlogon Notify: cfgmngr32 - C:\WINDOWS\g407765.dll
     O20 - Winlogon Notify: winmmt32 - C:\WINDOWS\SYSTEM32\winmmt32.dll
     O21 - SSODL: furnariidae - {89e4aaba-3b21-49b3-b922-8ca35193c68e} - C:\WINDOWS\system32\zlara.dll (file missing)
     O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
     O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (file missing)
     O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
     O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
     O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
     O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
     O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
     O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
     O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
     O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
     O23 - Service: MySql - Unknown owner - C:\IBserver\mysql\bin\mysqld-opt.exe
     -------------------------------------------------------------------
  9. Hi jurgenv
     Thank you very much for your help. I have got the report here:

     ************************
     * WIN32DELFKIL LOGFILE *
     ************************
     by Marckie

     BEFORE RUNNING WIN32DELFKIL
     ***************************

     File(s) found in Windows directory
     ----------------------------------
     g1725875.dll

     File(s) found in system32 folder
     --------------------------------

     Export SharedTaskScheduler key
     ------------------------------
     REGEDIT4

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
     "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
     "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
     "furnariidae"="{89e4aaba-3b21-49b3-b922-8ca35193c68e}"
     "{259BA022-2005-45E9-A965-10EDB9C00605}"="Windows Updater"
     "{0B5F7FDF-0717-45BF-B49D-695F3168C7FE}"="Master Browseui"

     sharedtaskkey: 89e4aaba-3b21-49b3-b922-8ca35193c68e
     ---------------------------------------------------
     REGEDIT4

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89e4aaba-3b21-49b3-b922-8ca35193c68e}]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89e4aaba-3b21-49b3-b922-8ca35193c68e}\InProcServer32]
     @="C:\\WINDOWS\\system32\\zlara.dll"
     "ThreadingModel"="Apartment"

     sharedtaskkey: 259BA022-2005-45E9-A965-10EDB9C00605
     ---------------------------------------------------
     REGEDIT4

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{259BA022-2005-45E9-A965-10EDB9C00605}]
     @="C:\\WINDOWS\\g1725875.dll"
     "ThreadingModel"="Apartment"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{259BA022-2005-45E9-A965-10EDB9C00605}\InprocServer32]
     @="C:\\WINDOWS\\g1725875.dll"
     "ThreadingModel"="Apartment"

     sharedtaskkey: 0B5F7FDF-0717-45BF-B49D-695F3168C7FE
     ---------------------------------------------------
     REGEDIT4

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B5F7FDF-0717-45BF-B49D-695F3168C7FE}]
     @=""

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B5F7FDF-0717-45BF-B49D-695F3168C7FE}\InprocServer32]
     @="C:\\WINDOWS\\system32\\admparsek.dll"
     "ThreadingModel"="Apartment"

     Notify key
     ----------
     subkey cfgmngr32 is present!

     AFTER RUNNING WIN32DELFKIL
     **************************

     File(s) found in Windows directory
     ----------------------------------

     File(s) found in system32 folder
     --------------------------------

     Export SharedTaskScheduler key
     ------------------------------
     REGEDIT4

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
     "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
     "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
     "furnariidae"="{89e4aaba-3b21-49b3-b922-8ca35193c68e}"

     sharedtaskkey: 89e4aaba-3b21-49b3-b922-8ca35193c68e
     ---------------------------------------------------
     REGEDIT4

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89e4aaba-3b21-49b3-b922-8ca35193c68e}]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89e4aaba-3b21-49b3-b922-8ca35193c68e}\InProcServer32]
     @="C:\\WINDOWS\\system32\\zlara.dll"
     "ThreadingModel"="Apartment"

     Notify key
     ----------
  10. Hi CalamityJane and Lavasoft Support
      I have got the same problem with the [email protected] virus. I have followed your instructions from Lavasoft Support Forums > HELP! My computer is infected! What should I do? > HijackThis Logs until #8. I couldn't find the page below:
      http://www.pandasoftware.com/activescan/co...n_principal.htm
      so I downloaded HijackThis from another website. Please can you help to review my report below. I would like to get the report from Adaware SE but I could not successfully download it. You can see the error from the picture below. I think there are still some viruses in my computer. If you think I don't have any more viruses, should I uninstall the software I have installed for the reports below?

      ---------------------------------------------------------
      ewido anti-spyware - Scan Report
      ---------------------------------------------------------

      + Created at: 4:03:05 AM 7/6/2006

      + Scan result:

      C:\WINDOWS\Downloaded Program Files\YazzleActiveX.ocx -> Adware.MediaTickets : Cleaned.
      C:\WINDOWS\YAXUninst.exe -> Adware.MediaTickets : Cleaned.
      C:\WINDOWS\g1922312.dll -> Downloader.Delf.amb : Cleaned.
      C:\WINDOWS\g305593.dll -> Downloader.Delf.amb : Cleaned.
      [232] C:\WINDOWS\g1922312.dll -> Downloader.Delf.amb : Cleaned.
      [768] C:\WINDOWS\g1922312.dll -> Downloader.Delf.amb : Cleaned.
      C:\Documents and Settings\Administrator\Local Settings\Temp\OA.exe -> Downloader.PurityScan.cq : Cleaned.
      C:\Program Files\Common Files\Y1123OA.exe -> Downloader.PurityScan.cq : Cleaned.
      C:\WINDOWS\system32\ld100.tmp -> Downloader.Zlob.wo : Cleaned.
      C:\WINDOWS\system32\oins.exe -> Dropper.Small : Cleaned.
      :mozilla.191:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
      :mozilla.192:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D1NKFR8O\bgates[1].exe -> Trojan.Dialer.pz : Cleaned.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\GDUJ8HAB\srvhsf[1].exe -> Trojan.Pakes : Cleaned.
C:\WINDOWS\Temp\winDD.tmp.exe -> Trojan.Pakes : Cleaned.
C:\WINDOWS\system32\1024 -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld2E4E.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld33B9.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld8CB7.tmp -> Trojan.Small : Cleaned.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\\kernel32.dll -> Trojan.Small : Cleaned.
::Report end

------------------------------------------------------------------------

SmitFraudFix v2.67
Scan done at 4:07:28.65, Thu 07/06/2006
Run from C:\Documents and Settings\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"furnariidae"="{89e4aaba-3b21-49b3-b922-8ca35193c68e}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{259BA022-2005-45E9-A965-10EDB9C00605}"="Windows Updater"
[HKEY_CLASSES_ROOT\CLSID\{259BA022-2005-45E9-A965-10EDB9C00605}\InProcServer32]
@="C:\WINDOWS\g1922312.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{259BA022-2005-45E9-A965-10EDB9C00605}\InProcServer32]
@="C:\WINDOWS\g1922312.dll"

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\system32\dcomcfg.exe Deleted
C:\WINDOWS\system32\hp???.tmp Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\regperf.exe Deleted
C:\WINDOWS\system32\simpole.tlb Deleted
C:\WINDOWS\system32\stdole3.tlb Deleted
C:\WINDOWS\system32\ts.ico Deleted
C:\DOCUME~1\ALLUSE~1\DESKTOP\Online Security Guide.url Deleted
C:\DOCUME~1\ADMINI~1\FAVORI~1\Antivirus Test Online.url Deleted
C:\Program Files\SpyQuake2.com\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"furnariidae"="{89e4aaba-3b21-49b3-b922-8ca35193c68e}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{259BA022-2005-45E9-A965-10EDB9C00605}"="Windows Updater"
[HKEY_CLASSES_ROOT\CLSID\{259BA022-2005-45E9-A965-10EDB9C00605}\InProcServer32]
@="C:\WINDOWS\g1922312.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{259BA022-2005-45E9-A965-10EDB9C00605}\InProcServer32]
@="C:\WINDOWS\g1922312.dll"

»»»»»»»»»»»»»»»»»»»»»»»» End

------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 4:27:08 AM, on 7/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\ADMINI~1\APPLIC~1\ICROSO~1.NET\ping.exe
C:\WINDOWS\system32\clc.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\Program Files\Dict95\bin\MagicLnk.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\1-Click Answers\answers.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\1-Click Answers\agtserv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WsftpBrowserHelper Class - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2K0.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: 1-Click Answers - {7754C418-F62E-44aa-B169-E719E718BCFD} - C:\PROGRA~1\1-CLIC~1\IEToolbar\AnswersToolbarU.dll
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [internetCalls] "C:\Program Files\InternetCalls.com\InternetCalls\InternetCalls.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Ouoe] "C:\DOCUME~1\ADMINI~1\APPLIC~1\ICROSO~1.NET\ping.exe" -vt yax
O4 - HKCU\..\Run: [clc] C:\WINDOWS\system32\clc.exe
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Magic Linker.lnk = C:\Program Files\Dict95\bin\MagicLnk.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = ?
O4 - Global Startup: 1-Click Answers.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Answers... - file:C:\Program Files\1-Click Answers\Html\atiemenu.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pagea...en/preview.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: ส่&งออกไปยัง Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.phuketgazette.net
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: cfgmngr32 - C:\WINDOWS\g1922312.dll
O20 - Winlogon Notify: winmmt32 - C:\WINDOWS\SYSTEM32\winmmt32.dll
O21 - SSODL: furnariidae - {89e4aaba-3b21-49b3-b922-8ca35193c68e} - C:\WINDOWS\system32\zlara.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: MySql - Unknown owner - C:\IBserver\mysql\bin\mysqld-opt.exe

----------------------------------------
  11. Hi, I have got the same problem with the [email protected] virus. I have followed your instructions until #8. I couldn't get to this page: http://www.pandasoftware.com/activescan/co...n_principal.htm However, I have managed to download HijackThis from another source. Please can you help to review my report below. I found that some viruses are still in my computer. Sometimes Ewido pops up "virus found" and there is still the virus found icon on the taskbar.

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 4:03:05 AM 7/6/2006
+ Scan result:
C:\WINDOWS\Downloaded Program Files\YazzleActiveX.ocx -> Adware.MediaTickets : Cleaned.
C:\WINDOWS\YAXUninst.exe -> Adware.MediaTickets : Cleaned.
C:\WINDOWS\g1922312.dll -> Downloader.Delf.amb : Cleaned.
C:\WINDOWS\g305593.dll -> Downloader.Delf.amb : Cleaned.
[232] C:\WINDOWS\g1922312.dll -> Downloader.Delf.amb : Cleaned.
[768] C:\WINDOWS\g1922312.dll -> Downloader.Delf.amb : Cleaned.
C:\Documents and Settings\Administrator\Local Settings\Temp\OA.exe -> Downloader.PurityScan.cq : Cleaned.
C:\Program Files\Common Files\Y1123OA.exe -> Downloader.PurityScan.cq : Cleaned.
C:\WINDOWS\system32\ld100.tmp -> Downloader.Zlob.wo : Cleaned.
C:\WINDOWS\system32\oins.exe -> Dropper.Small : Cleaned.
:mozilla.340:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned. :mozilla.341:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned. :mozilla.342:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned. :mozilla.343:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned. :mozilla.344:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned. :mozilla.164:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned. :mozilla.165:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned. C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Tacoda : Cleaned. :mozilla.508:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned. :mozilla.509:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned. C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Trafic : Cleaned. :mozilla.120:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned. 
:mozilla.453:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned. :mozilla.388:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned. :mozilla.393:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned. :mozilla.396:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned. :mozilla.399:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned. :mozilla.401:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned. :mozilla.404:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned. :mozilla.449:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned. :mozilla.374:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned. :mozilla.375:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned. :mozilla.445:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned. C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Webtrendslive : Cleaned. 
:mozilla.496:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.497:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.498:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.499:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.500:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.82:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.83:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.84:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3cu2xnax.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D1NKFR8O\bgates[1].exe -> Trojan.Dialer.pz : Cleaned.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\GDUJ8HAB\srvhsf[1].exe -> Trojan.Pakes : Cleaned.
C:\WINDOWS\Temp\winDD.tmp.exe -> Trojan.Pakes : Cleaned.
C:\WINDOWS\system32\1024 -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld2E4E.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld33B9.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld8CB7.tmp -> Trojan.Small : Cleaned.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\\kernel32.dll -> Trojan.Small : Cleaned.
::Report end

------------------------------------------------------------------------

SmitFraudFix v2.67

Scan done at 4:07:28.65, Thu 07/06/2006
Run from C:\Documents and Settings\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"furnariidae"="{89e4aaba-3b21-49b3-b922-8ca35193c68e}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{259BA022-2005-45E9-A965-10EDB9C00605}"="Windows Updater"

[HKEY_CLASSES_ROOT\CLSID\{259BA022-2005-45E9-A965-10EDB9C00605}\InProcServer32]
@="C:\WINDOWS\g1922312.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{259BA022-2005-45E9-A965-10EDB9C00605}\InProcServer32]
@="C:\WINDOWS\g1922312.dll"

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\dcomcfg.exe Deleted
C:\WINDOWS\system32\hp???.tmp Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\regperf.exe Deleted
C:\WINDOWS\system32\simpole.tlb Deleted
C:\WINDOWS\system32\stdole3.tlb Deleted
C:\WINDOWS\system32\ts.ico Deleted
C:\DOCUME~1\ALLUSE~1\DESKTOP\Online Security Guide.url Deleted
C:\DOCUME~1\ADMINI~1\FAVORI~1\Antivirus Test Online.url Deleted
C:\Program Files\SpyQuake2.com\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"furnariidae"="{89e4aaba-3b21-49b3-b922-8ca35193c68e}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{259BA022-2005-45E9-A965-10EDB9C00605}"="Windows Updater"

[HKEY_CLASSES_ROOT\CLSID\{259BA022-2005-45E9-A965-10EDB9C00605}\InProcServer32]
@="C:\WINDOWS\g1922312.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{259BA022-2005-45E9-A965-10EDB9C00605}\InProcServer32]
@="C:\WINDOWS\g1922312.dll"

»»»»»»»»»»»»»»»»»»»»»»»» End

------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 4:27:08 AM, on 7/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\ADMINI~1\APPLIC~1\ICROSO~1.NET\ping.exe
C:\WINDOWS\system32\clc.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\Program Files\Dict95\bin\MagicLnk.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\1-Click Answers\answers.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\1-Click Answers\agtserv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WsftpBrowserHelper Class - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2K0.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: 1-Click Answers - {7754C418-F62E-44aa-B169-E719E718BCFD} - C:\PROGRA~1\1-CLIC~1\IEToolbar\AnswersToolbarU.dll
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [internetCalls] "C:\Program Files\InternetCalls.com\InternetCalls\InternetCalls.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Ouoe] "C:\DOCUME~1\ADMINI~1\APPLIC~1\ICROSO~1.NET\ping.exe" -vt yax
O4 - HKCU\..\Run: [clc] C:\WINDOWS\system32\clc.exe
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Magic Linker.lnk = C:\Program Files\Dict95\bin\MagicLnk.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = ?
O4 - Global Startup: 1-Click Answers.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Answers... - file:C:\Program Files\1-Click Answers\Html\atiemenu.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pagea...en/preview.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: ส่&งออกไปยัง Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.phuketgazette.net
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: cfgmngr32 - C:\WINDOWS\g1922312.dll
O20 - Winlogon Notify: winmmt32 - C:\WINDOWS\SYSTEM32\winmmt32.dll
O21 - SSODL: furnariidae - {89e4aaba-3b21-49b3-b922-8ca35193c68e} - C:\WINDOWS\system32\zlara.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: MySql - Unknown owner - C:\IBserver\mysql\bin\mysqld-opt.exe

-------------------------------------------------------------------