DaniWeb IT Discussion Community

DaniWeb IT Discussion Community (http://www.daniweb.com/forums/index.php)
-   Viruses, Spyware and other Nasties (http://www.daniweb.com/forums/forum64.html)
-   -   Under Attack! (http://www.daniweb.com/forums/thread49095.html)

AceX Jul 1st, 2006 5:34 pm
Under Attack!
 
I need help on removing two things, entitled atmclk.exe and dcomcfg.exe. I'm constantly getting security alerts and infection warnings from them, as they've showed up on my taskbar. I'm not entirely sure how I got them. Here's my HJT log.

EDIT - Sorry, I forgot to close everything before I ran HJT. Want me to run it again?

------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 9:46:56 PM, on 5/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Sygate\SPF\smc.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Globe Software\StatBar\StatBar.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\BitTorrent\bittorrent.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Documents and Settings\Michael\My Documents\HiJackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [EPSON Stylus CX6400] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE /P19 "EPSON Stylus CX6400" /O6 "USB001" /M "Stylus CX6400"
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SmcService] D:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [SpybotSnD] "D:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] D:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [StatBar] D:\Program Files\Globe Software\StatBar\StatBar.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DW4] "D:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: BitTorrent.lnk = D:\Program Files\BitTorrent\bittorrent.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - D:\Program Files\Sygate\SPF\smc.exe

AceX Jul 1st, 2006 7:15 pm
Re: Under Attack!
 
Sorry for the double post, but it won't let me edit that post again =\.

So that's the wrong log, here's the correct one.
-------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 3:12:48 PM, on 7/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\wdfmgr.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE
D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\QuickTime\qttask.exe
D:\WINDOWS\system32\be1bd5b.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\AIM\aim.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\dcomcfg.exe
D:\WINDOWS\system32\atmclk.exe
D:\Program Files\NoNameScript\mirc.exe
D:\Documents and Settings\Michael\My Documents\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [EPSON Stylus CX6400] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE /P19 "EPSON Stylus CX6400" /O6 "USB001" /M "Stylus CX6400"
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SmcService] D:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [seekmo] "d:\program files\seekmo\seekmo.exe"
O4 - HKLM\..\Run: [be1bd5b.exe] D:\WINDOWS\system32\be1bd5b.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] D:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [StatBar] D:\Program Files\Globe Software\StatBar\StatBar.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [be1bd5b.exe] D:\Documents and Settings\Michael\Local Settings\Application Data\be1bd5b.exe
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: BitTorrent.lnk = D:\Program Files\BitTorrent\bittorrent.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/Yazzl...cab?refid=1123
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs:
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - D:\Program Files\Sygate\SPF\smc.exe

kylethedarkn Jul 2nd, 2006 1:39 am
Re: Under Attack!
 
Ok first of all run HJT and check the following
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/Yazzl...cab?refid=1123
The following is optional but is a resource hog and is not of much use.
O4 - HKCU\..\Run: [StatBar] D:\Program Files\Globe Software\StatBar\StatBar.exe\
Close all other windows and click fix checked.

Also about those files try reboot to safe mode by tapping F8 during start up and deleting them.
Post your new HJT log and tell me the problems that still exist.

AceX Jul 2nd, 2006 4:00 am
Re: Under Attack!
 
Logfile of HijackThis v1.99.1
Scan saved at 4:01:42 PM, on 7/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\dcomcfg.exe
D:\WINDOWS\system32\atmclk.exe
D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\AIM\aim.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Documents and Settings\Michael\My Documents\HiJackThis\HijackThis.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [EPSON Stylus CX6400] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE /P19 "EPSON Stylus CX6400" /O6 "USB001" /M "Stylus CX6400"
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SmcService] D:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] D:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [StatBar] D:\Program Files\Globe Software\StatBar\StatBar.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: BitTorrent.lnk = D:\Program Files\BitTorrent\bittorrent.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs:
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - D:\Program Files\Sygate\SPF\smc.exe

The problem is still there, I'm still getting faux security warnings. I even went and removed them manually, but they're still around. =\

kylethedarkn Jul 2nd, 2006 1:13 pm
Re: Under Attack!
 
Ok first download Ewido Security Suite from here.
  • Close all other Applications Select language click Ok
  • Click I Agree
  • Click next
  • Click Install
  • Click Finish
  • Wait Ewido will open main screen automatically.
  • Wait again a few minutes and Ewido Should Auto update itself. If it doesn't click update at top of screen.
  • This in very important to get updates
  • When updating has finished. Close Ewido.
If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.
  • Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear use arrow up to highlight
  • Select the first option, to run Windows in Safe Mode hit enter.
  • For additional help in booting into Safe Mode, see the following site: HERE

    You MUST manage to get into Safe Mode for the fix to work.
Make sure to close all open windows/programs/folders. Have nothing else open while ewido performs its scan!
  • Open Ewido
  • Click on scanner top of Ewido sceen
  • Click on Settings
  • Under How to Act click on Recommended Action choose Quarantine
  • Under How to scan all boxes should be selected
  • Under Possibly unwanted software all boxes should be selected
  • On right side under Reports: click on Automatically generate report after every scan.
  • Under What to scan select scan every file
  • Click On scan Tab
  • Click on Complete system scan
  • Let the program scan the machine It can take awhile give it time.
  • When scan has finished At bottom of screen click Apply all Actions
  • Click Save report
  • Click Save Report as (Save as window's screen should pop up.)
  • Click desktop
  • Click Save
  • Exit ewido
Reboot back to normal mode


After in normal rename hijackthis.exe to a different name like scanner.exe and then run it again and post the new HJT and the ewido log.

AceX Jul 13th, 2006 7:41 pm
Re: Under Attack!
 
Did what you told me to, here are the results;

Ewido report:
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 3:18:53 PM 7/13/2006

+ Scan result:



HKU\S-1-5-21-1482476501-220523388-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38} -> Adware.Generic : No action taken.
HKLM\SOFTWARE\Classes\AppID\{4F5E5D72-C915-4f3b-908B-527D064B0FAA} -> Adware.SysProtect : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{EF130E77-0A34-4365-BFB7-218FD3DDCD5F} -> Adware.SysProtect : No action taken.
HKLM\SOFTWARE\Classes\Interface\{02946FD1-2D99-46E6-A790-3A089714EDD9} -> Adware.SysProtect : No action taken.
HKLM\SOFTWARE\Classes\TypeLib\{7EACF70B-302F-4049-AC68-2D62EB43E473} -> Adware.SysProtect : No action taken.
D:\WINDOWS\system32\ddcbyxy.dll -> Adware.Virtumonde : No action taken.
D:\WINDOWS\Downloaded Program Files\USYP_0001_N85M2606NetInstaller.exe -> Downloader.Agent.alr : No action taken.
D:\Documents and Settings\Michael\Local Settings\Temp\win5BF.tmp.exe -> Downloader.IstBar.eq : No action taken.
D:\WINDOWS\winres.dll -> Downloader.IstBar.ff : No action taken.
D:\WINDOWS\Temp\win46.tmp.exe -> Downloader.Small.cvw : No action taken.
D:\WINDOWS\system32\ld100.tmp -> Downloader.Zlob.we : No action taken.
D:\WINDOWS\system32\regperf.exe -> Downloader.Zlob.we : No action taken.
D:\WINDOWS\system32\dcomcfg.exe -> Downloader.Zlob.yi : No action taken.
D:\WINDOWS\system32\hp100.tmp -> Downloader.Zlob.yi : No action taken.
D:\WINDOWS\system32\simpole.tlb -> Downloader.Zlob.yi : No action taken.
D:\WINDOWS\system32\hvcycg.dll -> Not-A-Virus.Hoax.Win32.Renos.dt : No action taken.
D:\Documents and Settings\Michael\Local Settings\Temp\brutus-aet2\BrutusA2.exe -> Not-A-Virus.PSWTool.Win32.Brutus : No action taken.
:mozilla.281:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.315:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.380:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.69:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.70:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.71:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.72:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.73:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
D:\Documents and Settings\Michael\Cookies\michael@2o7[2].txt -> TrackingCookie.2o7 : No action taken.
D:\Documents and Settings\Michael\Cookies\michael@microsoftwga.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
D:\Documents and Settings\Michael\Cookies\michael@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
:mozilla.389:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Addcontrol : No action taken.
D:\Documents and Settings\Michael\Cookies\michael@ads.addynamix[2].txt -> TrackingCookie.Addynamix : No action taken.
:mozilla.25:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Adjuggler : No action taken.
:mozilla.26:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Adjuggler : No action taken.
:mozilla.27:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Adjuggler : No action taken.
:mozilla.29:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Adjuggler : No action taken.
:mozilla.30:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Adjuggler : No action taken.
:mozilla.301:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.302:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.303:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.304:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.305:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
D:\Documents and Settings\Michael\Cookies\michael@adrevolver[1].txt -> TrackingCookie.Adrevolver : No action taken.
D:\Documents and Settings\Michael\Cookies\michael@track.adrevolver[1].txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.339:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Adserver : No action taken.
:mozilla.340:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Adserver : No action taken.
D:\Documents and Settings\Michael\Cookies\michael@z1.adserver[1].txt -> TrackingCookie.Adserver : No action taken.
:mozilla.114:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.115:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.116:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.117:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.118:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.119:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.120:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
D:\Documents and Settings\Michael\Cookies\michael@advertising[2].txt -> TrackingCookie.Advertising : No action taken.
:mozilla.32:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
D:\Documents and Settings\Michael\Cookies\michael@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.176:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Bluestreak : No action taken.
:mozilla.390:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Bridgetrack : No action taken.
:mozilla.391:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Bridgetrack : No action taken.
:mozilla.392:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Bridgetrack : No action taken.
D:\Documents and Settings\Michael\Cookies\michael@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : No action taken.
D:\Documents and Settings\Michael\Cookies\michael@www.burstnet[2].txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.100:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.101:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.102:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.94:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.95:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.96:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.97:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.98:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.99:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
D:\Documents and Settings\Michael\Cookies\michael@casalemedia[1].txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.231:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Clickhype : No action taken.
D:\Documents and Settings\Michael\Cookies\michael@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : No action taken.
:mozilla.23:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
D:\Documents and Settings\Michael\Cookies\michael@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
D:\Documents and Settings\Michael\Cookies\michael@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.244:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.245:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.246:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.247:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.248:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.33:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.384:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.385:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.386:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.387:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.388:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
D:\Documents and Settings\Michael\Cookies\michael@as-eu.falkag[1].txt -> TrackingCookie.Falkag : No action taken.
D:\Documents and Settings\Michael\Cookies\michael@as-us.falkag[1].txt -> TrackingCookie.Falkag : No action taken.
:mozilla.168:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.169:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.170:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.171:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.172:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.173:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.197:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.347:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.218:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.219:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.221:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.324:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
D:\Documents and Settings\Michael\Cookies\michael@hg1.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
D:\Documents and Settings\Michael\Cookies\michael@hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.381:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Komtrack : No action taken.
:mozilla.382:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Komtrack : No action taken.
:mozilla.383:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Komtrack : No action taken.
:mozilla.192:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.195:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.196:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
D:\Documents and Settings\Michael\Cookies\michael@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.333:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
D:\Documents and Settings\Michael\Cookies\michael@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.239:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Onestat : No action taken.
:mozilla.240:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Onestat : No action taken.
D:\Documents and Settings\Michael\Cookies\michael@overture[2].txt -> TrackingCookie.Overture : No action taken.
:mozilla.308:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.309:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.310:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.311:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
D:\Documents and Settings\Michael\Cookies\michael@ads.pointroll[2].txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.249:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Popularix : No action taken.
:mozilla.211:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.212:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.213:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
D:\Documents and Settings\Michael\Cookies\michael@questionmarket[1].txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.283:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.284:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.285:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.286:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.287:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.288:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.289:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.290:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
D:\Documents and Settings\Michael\Cookies\michael@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.270:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Revenue : No action taken.
:mozilla.300:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.306:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.307:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.335:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.336:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.337:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.338:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
D:\Documents and Settings\Michael\Cookies\michael@serving-sys[2].txt -> TrackingCookie.Serving-sys : No action taken.
D:\Documents and Settings\Michael\Cookies\michael@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.198:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.199:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.200:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.359:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.360:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.361:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
D:\Documents and Settings\Michael\Cookies\michael@anad.tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.346:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Tracking101 : No action taken.
:mozilla.201:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.202:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.203:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
D:\Documents and Settings\Michael\Cookies\michael@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.177:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.178:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.179:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.180:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.181:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.182:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.183:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.184:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.185:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
D:\Documents and Settings\Michael\Cookies\michael@trafficmp[2].txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.20:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.21:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.22:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.24:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.28:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
D:\Documents and Settings\Michael\Cookies\michael@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.397:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.398:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.399:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.400:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.401:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.402:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Valuead : No action taken.
D:\Documents and Settings\Michael\Cookies\michael@reduxads.valuead[1].txt -> TrackingCookie.Valuead : No action taken.
:mozilla.295:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Valueclick : No action taken.
:mozilla.296:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Valueclick : No action taken.
:mozilla.297:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Webtrendslive : No action taken.
D:\Documents and Settings\Michael\Cookies\michael@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : No action taken.
:mozilla.74:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.76:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.77:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.78:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.79:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
D:\Documents and Settings\Michael\Cookies\michael@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.330:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.331:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.332:D:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\q30j0fqk.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
D:\Documents and Settings\Michael\Cookies\michael@zedo[1].txt -> TrackingCookie.Zedo : No action taken.
D:\WINDOWS\Temp\firefox.exe -> Trojan.Pakes : No action taken.
D:\Documents and Settings\Michael\Local Settings\Temp\!update.exe -> Trojan.PurityAd : No action taken.
D:\Documents and Settings\Michael\Local Settings\Temp\mst5B8.tmp -> Trojan.Small : No action taken.
D:\WINDOWS\system32\1024 -> Trojan.Small : No action taken.
D:\WINDOWS\system32\1024\ld1119.tmp -> Trojan.Small : No action taken.
D:\WINDOWS\system32\1024\ld19A6.tmp -> Trojan.Small : No action taken.
D:\WINDOWS\system32\1024\ld1CA1.tmp -> Trojan.Small : No action taken.
D:\WINDOWS\system32\1024\ld1D4F.tmp -> Trojan.Small : No action taken.
D:\WINDOWS\system32\1024\ld1D73.tmp -> Trojan.Small : No action taken.
D:\WINDOWS\system32\1024\ld2F43.tmp -> Trojan.Small : No action taken.
D:\WINDOWS\system32\1024\ld4108.tmp -> Trojan.Small : No action taken.
D:\WINDOWS\system32\1024\ld426.tmp -> Trojan.Small : No action taken.
D:\WINDOWS\system32\1024\ld5006.tmp -> Trojan.Small : No action taken.
D:\WINDOWS\system32\1024\ld523F.tmp -> Trojan.Small : No action taken.
D:\WINDOWS\system32\1024\ld53.tmp -> Trojan.Small : No action taken.
D:\WINDOWS\system32\1024\ld5458.tmp -> Trojan.Small : No action taken.
D:\WINDOWS\system32\1024\ld5D22.tmp -> Trojan.Small : No action taken.
D:\WINDOWS\system32\1024\ld60AF.tmp -> Trojan.Small : No action taken.
D:\WINDOWS\system32\1024\ld6171.tmp -> Trojan.Small : No action taken.
D:\WINDOWS\system32\1024\ld61CD.tmp -> Trojan.Small : No action taken.
D:\WINDOWS\system32\1024\ld62B4.tmp -> Trojan.Small : No action taken.
D:\WINDOWS\system32\1024\ld6FA9.tmp -> Trojan.Small : No action taken.
D:\WINDOWS\system32\1024\ld801.tmp -> Trojan.Small : No action taken.
D:\WINDOWS\system32\1024\ld876D.tmp -> Trojan.Small : No action taken.
D:\WINDOWS\system32\1024\ld8B30.tmp -> Trojan.Small : No action taken.
D:\WINDOWS\system32\1024\ld996E.tmp -> Trojan.Small : No action taken.
D:\WINDOWS\system32\1024\ld9B16.tmp -> Trojan.Small : No action taken.
D:\WINDOWS\system32\1024\ldA7BB.tmp -> Trojan.Small : No action taken.
D:\WINDOWS\system32\1024\ldACEF.tmp -> Trojan.Small : No action taken.
D:\WINDOWS\system32\1024\ldAEBA.tmp -> Trojan.Small : No action taken.
D:\WINDOWS\system32\1024\ldB2B.tmp -> Trojan.Small : No action taken.
D:\WINDOWS\system32\1024\ldC78C.tmp -> Trojan.Small : No action taken.
D:\WINDOWS\system32\1024\ldCE1C.tmp -> Trojan.Small : No action taken.
D:\WINDOWS\system32\1024\ldD4BE.tmp -> Trojan.Small : No action taken.
D:\WINDOWS\system32\1024\ldD5F8.tmp -> Trojan.Small : No action taken.
D:\WINDOWS\system32\1024\ldDC9F.tmp -> Trojan.Small : No action taken.
D:\WINDOWS\system32\1024\ldECD5.tmp -> Trojan.Small : No action taken.
D:\WINDOWS\system32\1024\ldEDFA.tmp -> Trojan.Small : No action taken.
D:\WINDOWS\system32\1024\ldF288.tmp -> Trojan.Small : No action taken.
D:\WINDOWS\system32\1024\ldF9E4.tmp -> Trojan.Small : No action taken.
D:\WINDOWS\system32\winzdn32.dll -> Trojan.Small : No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\\kernel32.dll -> Trojan.Small : No action taken.


::Report end

HJT Report:

Logfile of HijackThis v1.99.1
Scan saved at 3:40:30 PM, on 7/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\QuickTime\qttask.exe
D:\WINDOWS\system32\be1bd5b.exe
D:\Program Files\ewido anti-spyware 4.0\ewido.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\AIM\aim.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
D:\Program Files\ewido anti-spyware 4.0\guard.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\system32\WgaTray.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Documents and Settings\Michael\My Documents\Scanner\Scanner.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5f4c3d09-b3b9-4f88-aa82-31332fee1c08} - D:\WINDOWS\system32\hp100.tmp (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {C94F2F3F-92B8-4F88-8652-F80975D4582C} - (no file)
O2 - BHO: (no name) - {D6CF4121-0392-49C6-930F-CDCA41A8974F} - D:\WINDOWS\system32\mllmm.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [EPSON Stylus CX6400] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE /P19 "EPSON Stylus CX6400" /O6 "USB001" /M "Stylus CX6400"
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SmcService] D:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [be1bd5b.exe] D:\WINDOWS\system32\be1bd5b.exe
O4 - HKLM\..\Run: [!ewido] "D:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] D:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [StatBar] D:\Program Files\Globe Software\StatBar\StatBar.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [be1bd5b.exe] D:\Documents and Settings\Michael\Local Settings\Application Data\be1bd5b.exe
O4 - Startup: .protected
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: BitTorrent.lnk = D:\Program Files\BitTorrent\bittorrent.exe
O4 - Global Startup: .protected
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs:
O20 - Winlogon Notify: mllmm - D:\WINDOWS\system32\mllmm.dll
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winzdn32 - winzdn32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - D:\Program Files\Sygate\SPF\smc.exe

kylethedarkn Jul 13th, 2006 11:40 pm
Re: Under Attack!
 
You didn't follow the ewido steps make sure you complete all the steps and be sure to click apply all actions at the end.


All times are GMT -4. The time now is 4:38 am.

Forum system based on vBulletin Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
©2003 - 2009 DaniWeb® LLC