hijackthis log for viruses?
Thread Solved
Join Date: Feb 2006
Posts: 9
Reputation:
Solved Threads: 0
My computer keeps telling me I have viruses, but when I search for them using McAfee it doesn't find anything. I've posted a HijackThis log below. Thanks for helping!
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Digital Media Reader\shwicon2k.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Winamp\winampa.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\BitComet\BitComet.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\WINDOWS\system32\atmclk.exe
C:\Firefox\firefox.exe
C:\WinRAR\WinRAR.exe
C:\DOCUME~1\OWNER~1.THE\LOCALS~1\Temp\Rar$EX00.938\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hpD4FF.tmp
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunKist] C:\Program Files\Digital Media Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BitComet] "C:\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/Yazzl...cab?refid=1162
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winmfu32 - C:\WINDOWS\SYSTEM32\winmfu32.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
By the looks of the log, it was probably the virus telling you you had a virus, to trick you into buying their program.
Please run HJT again, and select Do system scan only. Then check these items.
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hpD4FF.tmp
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/Yazzl...cab?refid=1162
O20 - Winlogon Notify: winmfu32 - C:\WINDOWS\SYSTEM32\winmfu32.dll
Click Fix Checked.
_________________________________________________
Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.
Next, please reboot your computer in Safe Mode by doing the following :
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
- Instead of Windows loading as normal, a menu with options should appear;
- Select the first option, to run Windows in Safe Mode, then press "Enter".
- Choose your usual account.
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt
__________________________________________
Please download Pocket Killbox by O^E.
- Save it to your desktop.
- Please double-click Killbox.exe to run it.
- Select:
- Delete on Reboot
- then Click on the All Files button.
- Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
C:\WINDOWS\system32\hpD4FF.tmp
C:\WINDOWS\SYSTEM32\winmfu32.dll
- Return to Killbox, go to the File menu, and choose Paste from Clipboard.
- Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
_____________________________________________
Please download ewido anti-malware; it is a free version of the program.
- Install ewido anti-malware
- When installing, under "Additional Options" uncheck:
- Install background guard
- Install scan via context menu
- Launch ewido, there should be an icon on your desktop, double-click it.
- The program will now open to the main screen.
- When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
- You will need to update ewido to the latest definition files.
- On the left hand side of the main screen click update.
- Then click on Start Update.
- The update will start and a progress bar will show the updates being installed.
(the status bar at the bottom will display "Update successful")
ewido manual updates
Once the updates are installed close ewido anti-malware.
Next, please reboot your computer in Safe Mode by doing the following :
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
- Instead of Windows loading as normal, a menu should appear
- Select the first option, to run Windows in Safe Mode, then press "Enter".
- Choose your usual account.
Once in safe mode,
- Open up Ewido
- Click on scanner
- Click on Complete System Scan and the scan will begin.
- You will be prompted to clean the first infection.
- Select "Perform action on all infections", then proceed.
- Once the scan has completed, there will be a button located on the bottom of the screen named Save report
- Click Save report.
- Save the report .txt file to your desktop or a location where you can find it easily.
- Close ewido anti-malware.
Post a new HJT log, the smitfraudfix log, and the ewido log.
Firefox
Ewido
Tune up windows
Get detailed system information
My Fixes
Member - Alliance of Security Analysis Professionals - Since 2006
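Added example, not part of any post in this thread: a short Python script that parses HijackThis entry lines and checks the four entries flagged in the post above against the follow-up log posted later in the thread. The log lines are copied from the thread; the function names, field names and status labels are this example's own.

```python
import re
from typing import NamedTuple

# The four entries the helper asked to have fixed (copied from the thread).
FLAGGED = [
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =",
    r"O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hpD4FF.tmp",
    r"O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/Yazzl...cab?refid=1162",
    r"O20 - Winlogon Notify: winmfu32 - C:\WINDOWS\SYSTEM32\winmfu32.dll",
]

# Excerpt of the follow-up HijackThis log (copied from the thread).
AFTER_LOG = r"""
C:\WINDOWS\system32\svchost.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/
O4 - HKLM\..\Run: [WinampAgent] C:\Winamp\winampa.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winmfu32 - winmfu32.dll (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\ewido anti-malware\ewidoctrl.exe
"""

# Entry lines start with a section code (R0, O2, O20, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
MISSING = "(file missing)"


class Entry(NamedTuple):
    code: str      # section code, e.g. "O20"
    ident: str     # what is registered (registry value, CLSID, name)
    target: str    # file or URL it points to ("" if none is listed)
    missing: bool  # HijackThis appended "(file missing)"


def parse_line(line):
    """Return an Entry for a HijackThis entry line, or None for anything else."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None  # running-process path, header or blank line
    code, body = m.group("code"), m.group("body")
    missing = body.endswith(MISSING)
    if missing:
        body = body[: -len(MISSING)].rstrip()
    if code.startswith("R"):
        # R-section lines read "<registry value> = <data>".
        ident, _, target = body.partition(" =")
    else:
        # Most O-section lines end with " - <file or URL>".
        ident, sep, target = body.rpartition(" - ")
        if not sep:  # e.g. O4 Run lines have no " - " separator
            ident, target = body, ""
    return Entry(code, ident.strip(), target.strip(), missing)


def parse_log(text):
    """Index the entries of a log by (section code, identity)."""
    entries = {}
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            entries[(entry.code, entry.ident)] = entry
    return entries


def remediation_status(flagged_lines, after_log):
    """Classify each flagged entry as removed, orphaned or present."""
    after = parse_log(after_log)
    report = {}
    for line in flagged_lines:
        entry = parse_line(line)
        if entry is None:
            continue
        now = after.get((entry.code, entry.ident))
        if now is None:
            status = "removed"    # no longer registered
        elif now.missing:
            status = "orphaned"   # still registered, file is gone
        else:
            status = "present"    # still registered, file still there
        report[(entry.code, entry.ident)] = status
    return report


if __name__ == "__main__":
    for (code, ident), status in remediation_status(FLAGGED, AFTER_LOG).items():
        print(f"{status:9} {code:4} {ident}")
```

On the thread's own logs, three of the four flagged entries come back `removed`, and the winmfu32 Winlogon Notify entry comes back `orphaned`: it is still registered, but HijackThis reports its file as missing.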
Join Date: Feb 2006
Posts: 9
Reputation:
Solved Threads: 0
Thanks for your help and nice picture. Here is the new HijackThis log:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Digital Media Reader\shwicon2k.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Winamp\winampa.exe
C:\BitComet\BitComet.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\ewido anti-malware\ewidoctrl.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Messenger\msmsgs.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Firefox\firefox.exe
C:\DOCUME~1\OWNER~1.THE\LOCALS~1\Temp\Rar$EX01.031\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunKist] C:\Program Files\Digital Media Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BitComet] "C:\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winmfu32 - winmfu32.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\ewido anti-malware\ewidoctrl.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
Here is the new SmitFraudFix file:
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\system32\atmclk.exe Deleted
C:\WINDOWS\system32\dcomcfg.exe Deleted
C:\WINDOWS\system32\hp????.tmp Deleted
C:\WINDOWS\system32\ld????.tmp Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\regperf.exe Deleted
C:\WINDOWS\system32\reglogs.dll Deleted
C:\WINDOWS\system32\simpole.tlb Deleted
C:\WINDOWS\system32\stdole3.tlb Deleted
C:\WINDOWS\system32\ts.ico Deleted
C:\WINDOWS\system32\1024\ Deleted
C:\DOCUME~1\OWNER~1.THE\FAVORI~1\Antivirus Test Online.url Deleted
C:\Program Files\SpyFalcon\ Deleted
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» End
Here's the ewido log:
:mozilla.13:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Spylog : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.144:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.145:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.146:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.147:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.149:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.153:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.154:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.167:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.168:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.169:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.182:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.185:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.186:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.187:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.188:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.189:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Komtrack : Cleaned with backup
:mozilla.190:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Komtrack : Cleaned with backup
:mozilla.192:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.193:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.194:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.195:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.199:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.200:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.207:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.212:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.213:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned with backup
:mozilla.225:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.226:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.232:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.233:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.288:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.294:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.295:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.296:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.297:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.298:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.320:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.322:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.323:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.327:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.328:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.345:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.360:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.361:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Cookies\owner@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Cookies\owner@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Cookies\owner@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Cookies\owner@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Cookies\owner@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Cookies\owner@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Cookies\owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Cookies\owner@ehg-bestbuy.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Cookies\owner@h.starware[2].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Cookies\owner@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Cookies\owner@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Cookies\owner@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Cookies\owner@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Cookies\owner@try.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Local Settings\Temp\Rar$EX00.250\backups\backup-20060508-185953-571.dll -> Adware.MediaTickets : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Local Settings\Temporary Internet Files\Content.IE5\43OBYDK9\mulbin1[1].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Local Settings\Temporary Internet Files\Content.IE5\43OBYDK9\srvfgc[1].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Local Settings\Temporary Internet Files\Content.IE5\43OBYDK9\srvuem[1].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Local Settings\Temporary Internet Files\Content.IE5\43OBYDK9\winsis32[1].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Local Settings\Temporary Internet Files\Content.IE5\BUGQ0PBO\srvlbin5[1].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Local Settings\Temporary Internet Files\Content.IE5\BUGQ0PBO\srvpnw[1].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Local Settings\Temporary Internet Files\Content.IE5\CDER4HUV\srvhsd[1].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Local Settings\Temporary Internet Files\Content.IE5\HT6CBM7Z\srvulf[1].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Local Settings\Temporary Internet Files\Content.IE5\HT6CBM7Z\YazzleActiveX[1].cab/YazzleActiveX.ocx -> Adware.MediaTickets : Cleaned with backup
C:\WINDOWS\Temp\win11.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\Temp\win32.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\Temp\win36.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\Temp\win39.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\Temp\win3C.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\YAXUninst.exe -> Adware.MediaTickets : Cleaned with backup
::Report End
Thank you again for your help. There are no more virus messages.
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Digital Media Reader\shwicon2k.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Winamp\winampa.exe
C:\BitComet\BitComet.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\ewido anti-malware\ewidoctrl.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Messenger\msmsgs.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Firefox\firefox.exe
C:\DOCUME~1\OWNER~1.THE\LOCALS~1\Temp\Rar$EX01.031\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunKist] C:\Program Files\Digital Media Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BitComet] "C:\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winmfu32 - winmfu32.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\ewido anti-malware\ewidoctrl.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
Here is the new SmitFraudFix file:
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\system32\atmclk.exe Deleted
C:\WINDOWS\system32\dcomcfg.exe Deleted
C:\WINDOWS\system32\hp????.tmp Deleted
C:\WINDOWS\system32\ld????.tmp Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\regperf.exe Deleted
C:\WINDOWS\system32\reglogs.dll Deleted
C:\WINDOWS\system32\simpole.tlb Deleted
C:\WINDOWS\system32\stdole3.tlb Deleted
C:\WINDOWS\system32\ts.ico Deleted
C:\WINDOWS\system32\1024\ Deleted
C:\DOCUME~1\OWNER~1.THE\FAVORI~1\Antivirus Test Online.url Deleted
C:\Program Files\SpyFalcon\ Deleted
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» End
Here's the ewido log:
:mozilla.182:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.185:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.186:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.187:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.188:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.189:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Komtrack : Cleaned with backup
:mozilla.190:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Komtrack : Cleaned with backup
:mozilla.192:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.193:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.194:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.195:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.199:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.200:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.207:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.212:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.213:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned with backup
:mozilla.225:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.226:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.232:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.233:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.288:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.294:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.295:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.296:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.297:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.298:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.320:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.322:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.323:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.327:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.328:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.345:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.360:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.361:C:\Documents and Settings\Owner.TheVatsals\Application Data\Mozilla\Firefox\Profiles\r8ji6wyq.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Cookies\owner@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Cookies\owner@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Cookies\owner@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Cookies\owner@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Cookies\owner@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Cookies\owner@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Cookies\owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Cookies\owner@ehg-bestbuy.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Cookies\owner@h.starware[2].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Cookies\owner@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Cookies\owner@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Cookies\owner@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Cookies\owner@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Cookies\owner@try.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Local Settings\Temp\Rar$EX00.250\backups\backup-20060508-185953-571.dll -> Adware.MediaTickets : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Local Settings\Temporary Internet Files\Content.IE5\43OBYDK9\mulbin1[1].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Local Settings\Temporary Internet Files\Content.IE5\43OBYDK9\srvfgc[1].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Local Settings\Temporary Internet Files\Content.IE5\43OBYDK9\srvuem[1].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Local Settings\Temporary Internet Files\Content.IE5\43OBYDK9\winsis32[1].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Local Settings\Temporary Internet Files\Content.IE5\BUGQ0PBO\srvlbin5[1].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Local Settings\Temporary Internet Files\Content.IE5\BUGQ0PBO\srvpnw[1].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Local Settings\Temporary Internet Files\Content.IE5\CDER4HUV\srvhsd[1].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Local Settings\Temporary Internet Files\Content.IE5\HT6CBM7Z\srvulf[1].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\Owner.TheVatsals\Local Settings\Temporary Internet Files\Content.IE5\HT6CBM7Z\YazzleActiveX[1].cab/YazzleActiveX.ocx -> Adware.MediaTickets : Cleaned with backup
C:\WINDOWS\Temp\win11.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\Temp\win32.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\Temp\win36.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\Temp\win39.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\Temp\win3C.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\YAXUninst.exe -> Adware.MediaTickets : Cleaned with backup
::Report End
Thank you again for your help. There are no more virus messages.
Awesome, all clean except for 1 entry.
Check off this one with HJT:
O20 - Winlogon Notify: winmfu32 - winmfu32.dll (file missing)
And other than that, it all looks good.
Any more problems?
Last thing, post a new HJT log just to make sure that entry disappears.
Thanks.
Now if ya like the help ya could always raise our reputation...
Indeed.
But please, if you did not install Firefox to this directory, let us know.
C:\Firefox\firefox.exe
Firefox
Ewido
Tune up windows
Get detailed system information
My Fixes
Member - Alliance of Security Analysis Professionals - Since 2006
Thanks again for your help. I fixed that missing file thing, and here is the new log:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Digital Media Reader\shwicon2k.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Winamp\winampa.exe
C:\BitComet\BitComet.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\ewido anti-malware\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\VideoLAN\VLC\vlc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\OWNER~1.THE\LOCALS~1\Temp\Rar$EX00.640\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunKist] C:\Program Files\Digital Media Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BitComet] "C:\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\ewido anti-malware\ewidoctrl.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe