Hijack This Log Attached

labber
#1
Jul 28th, 2006
I was advised from the Tech Talk Forum to post my "Hijack This" in this Forum. I've had quite a few viruses and trojans in my system. I've run Ad-Aware, NoAdware, Spybot, PCBug Doctor, Scan & Repair Utilities and I ran my AVG Virus scan several times. My system is still infected with "System32ssec.exe" and "Trojan horse Generic UGR".

I'm running Windows 2000 Pro. Have constant pop-ups and had to install Pop-Up Stopper Pro. I have Zone Alarm running and Webroot Spy Sweeper, but without the Pop-up Stopper Pro running, I have uncontrollable pop-ups.

The problems originally started with the Task Manager being disabled when hitting Alt+Ctrl+Delete. I then discovered that most of my Administrative Tools are missing. The only tools I have are Internet Services Manager, Personal Web Manager, Server Extensions Administrator, and Sis Utility Tray. I need help cleaning up the viruses/trojans/spam and recovering the Administrative Tools files that are missing.

Here's the Hijack This:
Logfile of HijackThis v1.97.7
Scan saved at 1:30:21 AM, on 7/28/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\system32\cisvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\system32\mqsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINNT\system32\cidaemon.exe
C:\WINNT\system32\cidaemon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\thiselt.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Linda Beres\Local Settings\Temp\wz502e\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meloco.com/index.php?i=sm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=20073&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=20073&k=
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06D99B28-F33D-4E7F-AFE2-180BDE182540} - (no file)
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Pro\CCHelper.dll
O2 - BHO: (no name) - {214B804F-7C16-4762-BE13-83ED51DFCFA5} - (no file)
O2 - BHO: (no name) - {2ADF7B9A-3C74-4C64-BBB5-1D1B062E2948} - (no file)
O2 - BHO: (no name) - {2D8ED8F1-7E54-44F1-A72F-DB798610CF7F} - (no file)
O2 - BHO: (no name) - {3052E7F9-685F-491B-9285-892D7657C8D5} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {32110540-5D44-4784-A6D5-E25C916F3CC1} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {385D17D9-B51D-D33B-695E-5C41DB1BCDBB} - (no file)
O2 - BHO: (no name) - {3D13C454-720F-4CEA-8BED-485B8FEFC401} - (no file)
O2 - BHO: (no name) - {3E0BD2B4-CD77-4173-980E-70CF86E92D35} - (no file)
O2 - BHO: (no name) - {420A7A1A-2B14-47A2-A84B-CD6630433B58} - (no file)
O2 - BHO: (no name) - {42C73763-6E85-480B-81AF-BC379CA5DB92} - \
O2 - BHO: (no name) - {52CD403A-4E70-455D-A93A-ACC877EB05AB} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {559727B9-61CA-42A1-8293-09F6A9FA91EF} - (no file)
O2 - BHO: (no name) - {59259AE4-C55E-4FA5-8687-E7D85CC76582} - (no file)
O2 - BHO: (no name) - {64E76C39-D2BA-47A5-B40B-EE4C883D583A} - (no file)
O2 - BHO: (no name) - {65585EF4-7D08-4A6A-A956-F7F2EDA2B6DE} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {732F0C99-F427-41D4-A741-B54F69404078} - (no file)
O2 - BHO: (no name) - {734A7701-E859-46B9-930A-FD8079B4B06C} - \
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {84FD810B-FA7D-4B09-8C38-06E9C685CF05} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {8C77204D-4C2B-4497-ABE0-8F7752CBF4D3} - \
O2 - BHO: (no name) - {958C2803-DAB8-4388-A43E-69442B1099B3} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {9843AEA8-0C52-472E-89CA-96EA9384236B} - \
O2 - BHO: (no name) - {99C1D1C5-BFC9-43BD-998D-2E625F91645A} - (no file)
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINNT\system32\WinNB57.dll
O2 - BHO: (no name) - {A32E6C94-AD91-465C-900C-2B94E4EE9A53} - \
O2 - BHO: (no name) - {A51BF0F2-C65A-4C6F-BB66-7E4DFA532DDB} - (no file)
O2 - BHO: (no name) - {AF76883D-FB6C-4366-BF14-08C5E9D0ADC4} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {B4F14F3C-27A2-4920-BB9F-8752240D5032} - (no file)
O2 - BHO: (no name) - {B6053E7A-BE0A-4722-AB73-9599FCC77550} - \
O2 - BHO: (no name) - {C12925C5-B63A-45FE-BF65-D9E1D20C0C14} - (no file)
O2 - BHO: (no name) - {C6E467B4-FCF4-4407-8C3C-8C244FC49283} - (no file)
O2 - BHO: (no name) - {C82F2718-E958-4244-9735-57E8B18C1574} - \
O2 - BHO: (no name) - {DAA29E8C-370D-4F75-A152-E97AC2BC13A3} - (no file)
O2 - BHO: (no name) - {DFE7D27E-C021-4C72-80F3-254B776E0992} - C:\WINNT\system32\ubbv.dll
O2 - BHO: (no name) - {E57C8438-DFEA-46C8-A920-E25A4BA64B3C} - (no file)
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O2 - BHO: (no name) - {EC1B360D-2B60-4011-BFAD-FAF5E31C25F9} - (no file)
O2 - BHO: (no name) - {FB112B9D-9CFC-41C0-A5F3-659DE8E138CD} - (no file)
O2 - BHO: (no name) - {FBC4ACF6-D539-485F-B64E-D4B2B4781FB9} - (no file)
O2 - BHO: (no name) - {FCD1E220-7EB4-4F88-93FD-472AE9573870} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {FE18E734-E17C-465B-A92A-629ED66F6BDB} - \
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Pro\popuppro.dll
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINNT\system32\WinNB57.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SiS KHooker] C:\WINNT\system32\khooker.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINNT\system32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1141787050\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [w0fc46dd.dll] RUNDLL32.EXE w0fc46dd.dll,I2 000c8a6200fc46dd
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [adstart] "iexplore.exe" "-embedding http://iesettingsupdate"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [tSdURg2] "C:\WINNT\system32\fhsxc.exe"
O4 - HKLM\..\Run: [ftexc] C:\WINNT\system32\mptft.exe
O4 - HKLM\..\Run: [Tau Monitor] C:\PROGRA~1\Agnitum\TAUSCA~1.6\taumon.exe
O4 - HKLM\..\Run: [pop06apelt] C:\WINNT\thiselt.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [faxvie] C:\WINNT\system32\faxvie.exe
O4 - HKCU\..\Run: [wallp2.exe] C:\Documents and Settings\Linda Beres\Application Data\System Restore\wallp2.exe
O4 - HKCU\..\Run: [VSL13.exe] C:\WINNT\system32\VSL13.exe
O4 - HKCU\..\Run: [1201.exe] C:\Documents and Settings\Linda Beres\Application Data\System Restore\1201.exe
O4 - HKCU\..\Run: [VSL07.exe] C:\WINNT\system32\VSL07.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Reboot.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Yahoo! Login (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O12 - Plugin for .bmp: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin8.dll
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get...irector/sw.cab
O16 - DPF: {266B9238-31A5-4B53-9039-272FE846DF9D} (DiameterTransfer Control) - http://www.sis.com/download/SISTransfer.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/Activ...veLauncher.cab
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...1F/wmvadvd.cab
O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} - http://apps.deskwizz.com/ax/adwerkz.cab
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} (Malicious Software Removal Tool) - http://download.microsoft.com/downlo...WebCleaner.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/21bef264...p/RdxIE601.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {A0EAC162-A012-4AD8-B2E1-D5A0BBBCDA51} (PopupSh Control) - http://206.222.26.90/images/PopupSh.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get...nt/swflash.cab

Any help would be greatly appreciated. Thanks!

crunchie
#2
Jul 28th, 2006
Can you please do the following.

===============

Download, then unzip to "C:\HJT", the newest version of HiJackThis; version 1.99.1. Then repost your log, either now, or after following the steps in the solution (if provided in this post). This version has features that might be more helpful in 'cleaning' up your system.
Make sure that you unzip it to a permanent folder.

===============

Scan with HiJackThis, then check (tick) the following, if present:


R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=20073&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=20073&k=

R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: (no name) - {06D99B28-F33D-4E7F-AFE2-180BDE182540} - (no file)
O2 - BHO: (no name) - {214B804F-7C16-4762-BE13-83ED51DFCFA5} - (no file)
O2 - BHO: (no name) - {2ADF7B9A-3C74-4C64-BBB5-1D1B062E2948} - (no file)
O2 - BHO: (no name) - {2D8ED8F1-7E54-44F1-A72F-DB798610CF7F} - (no file)
O2 - BHO: (no name) - {3052E7F9-685F-491B-9285-892D7657C8D5} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {32110540-5D44-4784-A6D5-E25C916F3CC1} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {385D17D9-B51D-D33B-695E-5C41DB1BCDBB} - (no file)
O2 - BHO: (no name) - {3D13C454-720F-4CEA-8BED-485B8FEFC401} - (no file)
O2 - BHO: (no name) - {3E0BD2B4-CD77-4173-980E-70CF86E92D35} - (no file)
O2 - BHO: (no name) - {420A7A1A-2B14-47A2-A84B-CD6630433B58} - (no file)
O2 - BHO: (no name) - {42C73763-6E85-480B-81AF-BC379CA5DB92} - \
O2 - BHO: (no name) - {52CD403A-4E70-455D-A93A-ACC877EB05AB} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {559727B9-61CA-42A1-8293-09F6A9FA91EF} - (no file)
O2 - BHO: (no name) - {59259AE4-C55E-4FA5-8687-E7D85CC76582} - (no file)
O2 - BHO: (no name) - {64E76C39-D2BA-47A5-B40B-EE4C883D583A} - (no file)
O2 - BHO: (no name) - {65585EF4-7D08-4A6A-A956-F7F2EDA2B6DE} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {732F0C99-F427-41D4-A741-B54F69404078} - (no file)
O2 - BHO: (no name) - {734A7701-E859-46B9-930A-FD8079B4B06C} - \
O2 - BHO: (no name) - {84FD810B-FA7D-4B09-8C38-06E9C685CF05} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {8C77204D-4C2B-4497-ABE0-8F7752CBF4D3} - \
O2 - BHO: (no name) - {958C2803-DAB8-4388-A43E-69442B1099B3} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {9843AEA8-0C52-472E-89CA-96EA9384236B} - \
O2 - BHO: (no name) - {99C1D1C5-BFC9-43BD-998D-2E625F91645A} - (no file)
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINNT\system32\WinNB57.dll
O2 - BHO: (no name) - {A32E6C94-AD91-465C-900C-2B94E4EE9A53} - \
O2 - BHO: (no name) - {A51BF0F2-C65A-4C6F-BB66-7E4DFA532DDB} - (no file)
O2 - BHO: (no name) - {AF76883D-FB6C-4366-BF14-08C5E9D0ADC4} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {B4F14F3C-27A2-4920-BB9F-8752240D5032} - (no file)
O2 - BHO: (no name) - {B6053E7A-BE0A-4722-AB73-9599FCC77550} - \
O2 - BHO: (no name) - {C12925C5-B63A-45FE-BF65-D9E1D20C0C14} - (no file)
O2 - BHO: (no name) - {C6E467B4-FCF4-4407-8C3C-8C244FC49283} - (no file)
O2 - BHO: (no name) - {C82F2718-E958-4244-9735-57E8B18C1574} - \
O2 - BHO: (no name) - {DAA29E8C-370D-4F75-A152-E97AC2BC13A3} - (no file)
O2 - BHO: (no name) - {DFE7D27E-C021-4C72-80F3-254B776E0992} - C:\WINNT\system32\ubbv.dll
O2 - BHO: (no name) - {E57C8438-DFEA-46C8-A920-E25A4BA64B3C} - (no file)
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O2 - BHO: (no name) - {EC1B360D-2B60-4011-BFAD-FAF5E31C25F9} - (no file)
O2 - BHO: (no name) - {FB112B9D-9CFC-41C0-A5F3-659DE8E138CD} - (no file)
O2 - BHO: (no name) - {FBC4ACF6-D539-485F-B64E-D4B2B4781FB9} - (no file)
O2 - BHO: (no name) - {FCD1E220-7EB4-4F88-93FD-472AE9573870} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {FE18E734-E17C-465B-A92A-629ED66F6BDB} - \

O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINNT\system32\WinNB57.dll

O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com

O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} - http://apps.deskwizz.com/ax/adwerkz.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/21bef264...p/RdxIE601.cab


Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, then click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/folders:

files...

C:\WINNT\system32\WinNB57.dll
C:\WINNT\system32\ubbv.dll

-

Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in "Safe Mode".

-

Reboot.

===============

To help protect your system from hostile ActiveX content, or special 'downloadable' files:

Download, install and keep updated, SpywareBlaster. If you've installed it for the first time:

1) Check for any available updates; if present, they'll be automatically downloaded and installed.
2) Next, "Enable all protection".
3) Exit the program.

-

Note: Remember to regularly check for updates.

===============

Please download and install ewido anti-spyware tool
  • Close all other Applications. Select language, click Ok
  • Click I Agree
  • Click next
  • Click Install
  • Click Finish
  • Wait and Ewido will open to the main screen automatically.
  • Wait again a few minutes and Ewido should auto update itself. If it doesn't, click update at top of screen.
  • This is very important to get updates
  • When updating has finished, close Ewido.
If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.
  • Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear. Use arrow up to highlight
  • Select the first option, to run Windows in Safe Mode, and hit enter.
  • For additional help in booting into Safe Mode, see the following site: HERE

    You MUST manage to get into Safe Mode for the fix to work.
Make sure to close all open windows/programs/folders. Have nothing else open while ewido performs its scan!
  • Open Ewido
  • Click on scanner at top of Ewido screen
  • Click on Settings
  • Under How to Act click on Recommended Action choose Quarantine
  • Under How to scan all boxes should be selected
  • Under Possibly unwanted software all boxes should be selected
  • On right side under Reports: click on Automatically generate report after every scan.
  • Under What to scan select scan every file
  • Click On scan Tab
  • Click on Complete system scan
  • Let the program scan the machine. It can take a while; give it time.
  • When scan has finished, at bottom of screen click Apply all Actions
  • Click Save report
  • Click Save Report as (Save as window's screen should pop up.)
  • Click desktop
  • Click Save
  • Exit ewido
Reboot back to normal mode

After rebooting, rescan with hijackthis and post back a new log. Please post the Ewido log also.
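Most of the O2 entries ticked in the post above are registrations whose file field reads "(no file)", "(file missing)" or a bare "\". The following is an added example, not part of the thread and not HijackThis code: it parses CLSID-bearing log lines (O2, O3, O9, O18) and lists the ones whose file is absent. The function names are made up for illustration, and the sample lines are copied from the logs posted in this thread.

```python
import re
from collections import defaultdict, namedtuple

# Lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06D99B28-F33D-4E7F-AFE2-180BDE182540} - (no file)
O2 - BHO: (no name) - {3052E7F9-685F-491B-9285-892D7657C8D5} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {32110540-5D44-4784-A6D5-E25C916F3CC1} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {42C73763-6E85-480B-81AF-BC379CA5DB92} - \
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINNT\system32\WinNB57.dll
O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Pro\popuppro.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O9 - Extra button: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O18 - Filter: text/html - {F8D76886-FA88-4DF6-8FBD-C02CF8C91C94} - C:\WINNT\system32\ubbv.dll
"""

# "<code> - <kind>: <name> - {CLSID} - <target>"
# R0, O4, O8, O15 and O16 lines use other layouts and are skipped here.
ENTRY_RE = re.compile(
    r"^(?P<code>[A-Z]\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<target>.*)$",
    re.MULTILINE,
)

Entry = namedtuple("Entry", "code kind name clsid state path")

MISSING_SUFFIX = "(file missing)"


def classify_target(target):
    """Return (state, path) for the last field of a log line."""
    target = target.strip()
    if target == "(no file)":
        return "no file", None
    if target.endswith(MISSING_SUFFIX):
        return "file missing", target[: -len(MISSING_SUFFIX)].rstrip()
    if target in ("", "\\"):
        return "empty path", None
    # "present" only means a path is recorded. It says nothing about
    # whether the file is wanted: WinNB57.dll and ubbv.dll are present
    # in the log and were still ticked in the post above.
    return "present", target


def parse_entries(log_text):
    """Parse every CLSID-bearing line of a HijackThis log."""
    entries = []
    for m in ENTRY_RE.finditer(log_text):
        state, path = classify_target(m.group("target"))
        entries.append(Entry(m.group("code"), m.group("kind"),
                             m.group("name"), m.group("clsid").upper(),
                             state, path))
    return entries


def orphaned(entries):
    """Entries whose registration points at no file on disk."""
    return [e for e in entries if e.state != "present"]


def clsids_by_missing_file(entries):
    """Group 'file missing' entries by path (case-insensitive)."""
    groups = defaultdict(list)
    for e in entries:
        if e.state == "file missing":
            groups[e.path.lower()].append(e.clsid)
    return dict(groups)


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for e in orphaned(parsed):
        print(f"{e.code:<4}{e.clsid}  {e.state}")
    for path, clsids in clsids_by_missing_file(parsed).items():
        print(f"{len(clsids)} CLSIDs registered for missing file {path}")
```

Grouping by path shows when many CLSIDs are registered against one missing DLL, as with horejoruj.dll in both logs in this thread.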

labber
#3
Aug 3rd, 2006
Thank you for all your help, but do you or anyone know how I can restore the "Administrative Tools" files that were deleted by the viruses/trojans I had? I'm running Win2000 Pro SP4, but my Win2000 CD is SP2...so when I tried to repair, it will not let me do it because I now have SP4 running on my system and the Win2000 CD is SP2???? Thanks!

crunchie
#4
Aug 3rd, 2006
I think we need to get rid of all the malware on your PC before we try to rectify that problem. You are still badly infected as the steps I asked you to do were preliminary.
Please do all that I asked and post the logs please.

labber
#5
Aug 3rd, 2006
Will do as you asked and thank you for your help. I will work on my system in the next several days.

labber
#6
Aug 11th, 2006
Here's the results of HijackThis and also Ewido Scan Report. Your help is so appreciated. Thanks!



Logfile of HijackThis v1.99.1
Scan saved at 10:49:44 PM, on 8/10/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\cisvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\system32\mqsvc.exe
C:\WINNT\system32\khooker.exe
C:\Program Files\Common Files\AOL\1141787050\ee\AOLSoftware.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\cidaemon.exe
C:\WINNT\system32\cidaemon.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Linda Beres\Local Settings\Temp\wz1a89\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meloco.com/index.php?i=sm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {09F0C717-6ACF-44CC-87A3-856898069F75} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Pro\CCHelper.dll
O2 - BHO: (no name) - {3E12C92F-5204-4EFD-A1CA-BB811E0D2E55} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {40F3C07B-A69D-42C9-943E-F44B51027D6C} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {47F55CFE-3E3B-426C-9CE9-4ADD348029D3} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {6F8736C8-70CE-4620-81CA-21AAAA56D67E} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {8385FDDC-3FBD-409A-AD71-6B3BA622F373} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {917634C0-5CDD-4CB6-A78A-A2647B3EE871} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {943C98C0-3587-4194-B368-4C32B01DB701} - \
O2 - BHO: (no name) - {C4B91D3F-0962-4B62-B536-AC2EB25F7F81} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {CD65EC13-9212-4200-B99F-80F3963EF3C2} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {DDF9195D-3372-4C40-A24E-AE17863E73B1} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {EAAF6E3A-15D6-4FA5-B610-A09944A940FF} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Pro\popuppro.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SiS KHooker] C:\WINNT\system32\khooker.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINNT\system32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1141787050\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [w0fc46dd.dll] RUNDLL32.EXE w0fc46dd.dll,I2 000c8a6200fc46dd
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [adstart] "iexplore.exe" "-embedding http://iesettingsupdate"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [faxvie] C:\WINNT\system32\faxvie.exe
O4 - HKCU\..\Run: [wallp2.exe] C:\Documents and Settings\Linda Beres\Application Data\System Restore\wallp2.exe
O4 - HKCU\..\Run: [VSL13.exe] C:\WINNT\system32\VSL13.exe
O4 - HKCU\..\Run: [1201.exe] C:\Documents and Settings\Linda Beres\Application Data\System Restore\1201.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BT2Net.lnk = C:\Program Files\BT2Net\bt2net.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll
O9 - Extra button: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O12 - Plugin for .bmp: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin8.dll
O12 - Plugin for .m4v: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {266B9238-31A5-4B53-9039-272FE846DF9D} (DiameterTransfer Control) - http://www.sis.com/download/SISTransfer.cab
O16 - DPF: {2F003D51-39FD-4D18-9016-95CF70B92ABE} - http://download.movienetworks.com/in...altpmtscab.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/Activ...veLauncher.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {A0EAC162-A012-4AD8-B2E1-D5A0BBBCDA51} (PopupSh Control) - http://206.222.26.90/images/PopupSh.ocx
O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL
O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL
O18 - Filter: text/html - {F8D76886-FA88-4DF6-8FBD-C02CF8C91C94} - C:\WINNT\system32\ubbv.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe


---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:37:10 PM 8/10/2006

+ Scan result:



C:\WINNT\Downloaded Program Files\APInstall_Tiny.dll -> Adware.AccessMedia : Cleaned with backup (quarantined).
C:\WINNT\Downloaded Program Files\CONFLICT.1\APInstall_Tiny.dll -> Adware.AccessMedia : Cleaned with backup (quarantined).
C:\Documents and Settings\Linda Beres\Local Settings\Temp\mitA.tmp.cab/NNBar_VCSetup_876029.exe -> Adware.Mirar : Cleaned with backup (quarantined).
C:\Documents and Settings\Linda Beres\Local Settings\Temp\mitA.tmp/NNBar_VCSetup_876029.exe -> Adware.Mirar : Cleaned with backup (quarantined).
C:\Program Files\Accessories\horejoruj.dll -> Downloader.Small.ctp : Cleaned with backup (quarantined).
C:\WINNT\Downloaded Program Files\UERS_0001_N82M1105NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.j : Cleaned with backup (quarantined).
C:\WINNT\Downloaded Program Files\CONFLICT.1\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINNT\Downloaded Program Files\CONFLICT.2\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINNT\Downloaded Program Files\CONFLICT.3\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINNT\Downloaded Program Files\CONFLICT.4\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINNT\Downloaded Program Files\CONFLICT.5\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\WINNT\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\Documents and Settings\Linda Beres\Cookies\linda beres@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
C:\Documents and Settings\Linda Beres\Cookies\linda beres@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Linda Beres\Cookies\linda beres@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Linda Beres\Cookies\linda beres@2o7[3].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Linda Beres\Cookies\linda beres@2o7[6].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Linda Beres\Cookies\linda beres@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
C:\Documents and Settings\Linda Beres\Cookies\linda beres@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Documents and Settings\Linda Beres\Cookies\linda beres@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Documents and Settings\Linda Beres\Cookies\linda beres@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup (quarantined).
C:\Documents and Settings\Linda Beres\Cookies\linda beres@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
C:\Documents and Settings\Linda Beres\Cookies\linda beres@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
C:\Documents and Settings\Linda Beres\Cookies\linda beres@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\Linda Beres\Cookies\linda beres@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
C:\Documents and Settings\Linda Beres\Cookies\linda beres@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).


::Report end

crunchie (Moderator)

Re: Hijack This Log Attached

#7
Aug 11th, 2006
Can you please do the following.

-

Please go to Jotti's and have this file scanned. Post the results back here.

C:\WINNT\system32\ubbv.dll

===============

Before we begin, let's move HiJackThis to its own folder, like c:\HJT. When we're done 'cleaning' off your system, we're going to 'flush' the temporary folders which, with HiJackThis in its current location, we'll lose both the program and the backups it creates. These backups are important in case we need to restore any 'fixed' entry(s) later.

Also move the "Backups" folder, for HiJackThis, if present.

===============

Scan with HiJackThis, then check(tick) the following, if present:


O2 - BHO: (no name) - {09F0C717-6ACF-44CC-87A3-856898069F75} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {3E12C92F-5204-4EFD-A1CA-BB811E0D2E55} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {40F3C07B-A69D-42C9-943E-F44B51027D6C} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {47F55CFE-3E3B-426C-9CE9-4ADD348029D3} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {6F8736C8-70CE-4620-81CA-21AAAA56D67E} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {8385FDDC-3FBD-409A-AD71-6B3BA622F373} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {917634C0-5CDD-4CB6-A78A-A2647B3EE871} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {943C98C0-3587-4194-B368-4C32B01DB701} - \
O2 - BHO: (no name) - {C4B91D3F-0962-4B62-B536-AC2EB25F7F81} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {CD65EC13-9212-4200-B99F-80F3963EF3C2} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {DDF9195D-3372-4C40-A24E-AE17863E73B1} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {EAAF6E3A-15D6-4FA5-B610-A09944A940FF} - C:\Program Files\Accessories\horejoruj.dll (file missing)

O4 - HKLM\..\Run: [w0fc46dd.dll] RUNDLL32.EXE w0fc46dd.dll,I2 000c8a6200fc46dd
O4 - HKLM\..\Run: [adstart] "iexplore.exe" "-embedding http://iesettingsupdate"
O4 - HKCU\..\Run: [faxvie] C:\WINNT\system32\faxvie.exe
O4 - HKCU\..\Run: [wallp2.exe] C:\Documents and Settings\Linda Beres\Application Data\System Restore\wallp2.exe
O4 - HKCU\..\Run: [VSL13.exe] C:\WINNT\system32\VSL13.exe
O4 - HKCU\..\Run: [1201.exe] C:\Documents and Settings\Linda Beres\Application Data\System Restore\1201.exe

O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)


Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/ folders:

files...

C:\WINNT\system32\faxvie.exe
C:\Documents and Settings\Linda Beres\Application Data\System Restore\wallp2.exe
C:\WINNT\system32\VSL13.exe
C:\Documents and Settings\Linda Beres\Application Data\System Restore\1201.exe

Search for...

w0fc46dd.dll

...using "Start | Search...".

-

Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear. Use arrow up to highlight and select the first option, to run Windows in Safe Mode, then hit Enter.

-

Reboot.

===============

After rebooting, rescan with hijackthis and post back a new log. Please let me know how your pc is now.
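
A defender-side triage sketch for the kind of log review done in the post above, as an added example that is not part of the original post and not part of HijackThis. It parses HijackThis-style lines and flags conditions visible in the entries listed above: a BHO whose DLL is missing or has no path, and a Run entry started from a profile directory or through rundll32 with a bare DLL name. The function names and heuristics are assumptions for illustration; the sample lines are copied from the log in this thread.

```python
import re

# Sample lines copied from the HijackThis log quoted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {09F0C717-6ACF-44CC-87A3-856898069F75} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {943C98C0-3587-4194-B368-4C32B01DB701} - \
O4 - HKLM\..\Run: [w0fc46dd.dll] RUNDLL32.EXE w0fc46dd.dll,I2 000c8a6200fc46dd
O4 - HKCU\..\Run: [wallp2.exe] C:\Documents and Settings\Linda Beres\Application Data\System Restore\wallp2.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
"""

# "<section> - <kind>: <data>", e.g. "O4 - HKCU\..\Run: [name] command"
ENTRY = re.compile(r"^(O\d+) - ([^:]+): (.*)$")

def triage(line):
    """Return the reasons an entry deserves a closer look (empty list = none)."""
    m = ENTRY.match(line.strip())
    if m is None:
        return []
    section, data, reasons = m.group(1), m.group(3), []
    if section == "O2":
        # Last " - " separated field is the DLL path registered for the BHO.
        target = data.rsplit(" - ", 1)[-1]
        if target.endswith("(file missing)"):
            reasons.append("BHO registered but its DLL is missing on disk")
        elif not target.strip("\\ "):
            reasons.append("BHO registered with no file path")
    elif section == "O4":
        # Drop the "[value name] " prefix to get the autorun command line.
        cmd = data.split("] ", 1)[-1]
        if re.match(r"(?i)rundll32(\.exe)?\s+[^\\\s]+\.dll", cmd):
            reasons.append("rundll32 loads a DLL named without a path")
        if re.search(r"(?i)\\Application Data\\", cmd):
            reasons.append("autorun from a user-writable profile directory")
    return reasons

def review(log_text):
    """Map each flagged log line to its reasons; unflagged lines are omitted."""
    flagged = {}
    for line in log_text.splitlines():
        reasons = triage(line)
        if reasons:
            flagged[line.strip()] = reasons
    return flagged

if __name__ == "__main__":
    for line, reasons in review(SAMPLE_LOG).items():
        print(f"{'; '.join(reasons)}\n    {line}")
```

A flag here only marks an entry for manual review; the O23 service line passes unflagged because neither heuristic looks at services.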

labber

Re: Hijack This Log Attached

#8
Aug 13th, 2006
Well, I'm unable to do anything now... the comp boots up and then shuts down completely by itself. It actually powers down (turns off) and then I can't turn it back on for several minutes. I did have the power supply replaced several months ago. I opened up the comp and it looks like the fan on the power supply may not be running???

crunchie (Moderator)

Re: Hijack This Log Attached

#9
Aug 13th, 2006
Doesn't sound good. You may have to get your hands on another PSU and try it.

labber

Re: Hijack This Log Attached

#10
Aug 14th, 2006
So you don't think any virus or spyware would physically turn off the computer? I think it does have something to do with the PSU. Thanks!
©2003 - 2009 DaniWeb® LLC