 |  |  |  |  |  |  |  |
HJT Please help me remove virus
 |
I don't know how to remove this but from what I hear deleting things with out professional help can hurt my computer more...
Please someone give me guidance on how to remove this virus!
Here's my HJT Log
Logfile of HijackThis v1.99.1
Scan saved at 8:33:18 PM, on 10/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Online Video Add-on\icthis.exe
C:\Program Files\Online Video Add-on\isfmntr.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Online Video Add-on\icmntr.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Online Video Add-on\isfmm.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
c:\PROGRA~1\mcafee\msc\mcshell.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Online Video Add-on\isfmm.exe
C:\Program Files\Online Video Add-on\isfmm.exe
C:\Program Files\Online Video Add-on\isfmm.exe
C:\Program Files\Online Video Add-on\isfmm.exe
C:\Program Files\Online Video Add-on\isfmm.exe
C:\Program Files\Online Video Add-on\isfmm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MSVPS System - {15272B08-F6FE-4E71-B2BD-A59AD23EBE3C} - C:\WINDOWS\bndsrpfn.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {CFE15135-C591-4000-A55E-A50E5F9F82BC} - C:\Program Files\Online Video Add-on\isfmdl.dll
O3 - Toolbar: IE Custom Tools - {41F6170D-6AF8-4188-8D92-9DDAB3C71A78} - C:\Program Files\Online Video Add-on\ictmdl.dll
O3 - Toolbar: The netadv - {D1413F77-5B69-4562-84E1-78F997794E9D} - C:\WINDOWS\netadv.dll
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D42D7C5-01FA-40E8-AA22-D73FB61EE87F}: NameServer = 85.255.116.150,85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1642865-DB2E-48CB-9AAB-519F9D9714D0}: NameServer = 85.255.116.150,85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6158D56-A0BC-4CFE-BCD2-BA0E291034DC}: NameServer = 85.255.116.150,85.255.112.152
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.150 85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.150 85.255.112.152
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: msvb - {23BE808E-3F5D-4CE7-8E0A-C61FF21713B1} - C:\WINDOWS\msvb.dll
O21 - SSODL: sysdx - {40B77EC5-1ECB-40E2-AEC3-FAE3B9353C55} - C:\WINDOWS\sysdx.dll
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
Please someone give me guidance on how to remove this virus!
Here's my HJT Log
Logfile of HijackThis v1.99.1
Scan saved at 8:33:18 PM, on 10/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Online Video Add-on\icthis.exe
C:\Program Files\Online Video Add-on\isfmntr.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Online Video Add-on\icmntr.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Online Video Add-on\isfmm.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
c:\PROGRA~1\mcafee\msc\mcshell.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Online Video Add-on\isfmm.exe
C:\Program Files\Online Video Add-on\isfmm.exe
C:\Program Files\Online Video Add-on\isfmm.exe
C:\Program Files\Online Video Add-on\isfmm.exe
C:\Program Files\Online Video Add-on\isfmm.exe
C:\Program Files\Online Video Add-on\isfmm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MSVPS System - {15272B08-F6FE-4E71-B2BD-A59AD23EBE3C} - C:\WINDOWS\bndsrpfn.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {CFE15135-C591-4000-A55E-A50E5F9F82BC} - C:\Program Files\Online Video Add-on\isfmdl.dll
O3 - Toolbar: IE Custom Tools - {41F6170D-6AF8-4188-8D92-9DDAB3C71A78} - C:\Program Files\Online Video Add-on\ictmdl.dll
O3 - Toolbar: The netadv - {D1413F77-5B69-4562-84E1-78F997794E9D} - C:\WINDOWS\netadv.dll
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D42D7C5-01FA-40E8-AA22-D73FB61EE87F}: NameServer = 85.255.116.150,85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1642865-DB2E-48CB-9AAB-519F9D9714D0}: NameServer = 85.255.116.150,85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6158D56-A0BC-4CFE-BCD2-BA0E291034DC}: NameServer = 85.255.116.150,85.255.112.152
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.150 85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.150 85.255.112.152
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: msvb - {23BE808E-3F5D-4CE7-8E0A-C61FF21713B1} - C:\WINDOWS\msvb.dll
O21 - SSODL: sysdx - {40B77EC5-1ECB-40E2-AEC3-FAE3B9353C55} - C:\WINDOWS\sysdx.dll
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
You need to uninstall that version of hijackthis and install the latest (2.0.2) version. Do NOT run it from the zip folder as you are now doing so, but run the zip program and unzip hijackthis to a permanent folder.
==
Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
==
Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Here is the rapport from smitfraudfix. what's the next step?
thank you for your help
SmitFraudFix v2.250
Scan done at 23:53:50.98, Mon 11/05/2007
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Online Video Add-on\icthis.exe
C:\Program Files\Online Video Add-on\icmntr.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
C:\WINDOWS\bndsrpfn.dll FOUND !
C:\WINDOWS\netadv.dll FOUND !
C:\WINDOWS\privacy_danger FOUND !
C:\WINDOWS\sysdx.dll FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\flirek.dll FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1
C:\DOCUME~1\Owner\FAVORI~1\Error Cleaner.url FOUND !
C:\DOCUME~1\Owner\FAVORI~1\Privacy Protector.url FOUND !
C:\DOCUME~1\Owner\FAVORI~1\Spyware?Malware Protection.url FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
C:\DOCUME~1\Owner\Desktop\Error Cleaner.url FOUND !
C:\DOCUME~1\Owner\Desktop\Privacy Protector.url FOUND !
C:\DOCUME~1\Owner\Desktop\Spyware?Malware Protection.url FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\Online Video Add-on\ FOUND !
C:\Program Files\VideoAccessCodec\ FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="file:///C:\\WINDOWS\\privacy_danger\\index.htm"
"SubscribedURL"=""
"FriendlyName"="Privacy Protection"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{34ec76b6-53c4-4686-822f-910c790683fb}"="evangeliarium"
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"="kdpqb.exe"
kdpqb.exe detected !
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Your computer may be victim of a DNS Hijack: 85.255.x.x detected !
Description: Intel(R) PRO/100 VE Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 85.255.116.150
DNS Server Search Order: 85.255.112.152
Your computer may be victim of a DNS Hijack: 85.255.x.x detected !
Description: Intel(R) PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 85.255.116.150
DNS Server Search Order: 85.255.112.152
HKLM\SYSTEM\CCS\Services\Tcpip\..\{534BCFE7-14C3-4C70-A6AA-15EBDADB81F1}: DhcpNameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CCS\Services\Tcpip\..\{9D42D7C5-01FA-40E8-AA22-D73FB61EE87F}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E1642865-DB2E-48CB-9AAB-519F9D9714D0}: DhcpNameServer=68.87.69.146 68.87.85.98
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E1642865-DB2E-48CB-9AAB-519F9D9714D0}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E6158D56-A0BC-4CFE-BCD2-BA0E291034DC}: DhcpNameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E6158D56-A0BC-4CFE-BCD2-BA0E291034DC}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS1\Services\Tcpip\..\{534BCFE7-14C3-4C70-A6AA-15EBDADB81F1}: DhcpNameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9D42D7C5-01FA-40E8-AA22-D73FB61EE87F}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E1642865-DB2E-48CB-9AAB-519F9D9714D0}: DhcpNameServer=68.87.69.146 68.87.85.98
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E1642865-DB2E-48CB-9AAB-519F9D9714D0}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E6158D56-A0BC-4CFE-BCD2-BA0E291034DC}: DhcpNameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E6158D56-A0BC-4CFE-BCD2-BA0E291034DC}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS3\Services\Tcpip\..\{534BCFE7-14C3-4C70-A6AA-15EBDADB81F1}: DhcpNameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS3\Services\Tcpip\..\{9D42D7C5-01FA-40E8-AA22-D73FB61EE87F}: DhcpNameServer=68.87.69.146 68.87.85.98
HKLM\SYSTEM\CS3\Services\Tcpip\..\{9D42D7C5-01FA-40E8-AA22-D73FB61EE87F}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E1642865-DB2E-48CB-9AAB-519F9D9714D0}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E6158D56-A0BC-4CFE-BCD2-BA0E291034DC}: DhcpNameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E6158D56-A0BC-4CFE-BCD2-BA0E291034DC}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.87.69.146 68.87.85.98
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.116.150 85.255.112.152
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.87.69.146 68.87.85.98
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.116.150 85.255.112.152
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=68.87.69.146 68.87.85.98
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=85.255.116.150 85.255.112.152
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
thank you for your help
SmitFraudFix v2.250
Scan done at 23:53:50.98, Mon 11/05/2007
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Online Video Add-on\icthis.exe
C:\Program Files\Online Video Add-on\icmntr.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
C:\WINDOWS\bndsrpfn.dll FOUND !
C:\WINDOWS\netadv.dll FOUND !
C:\WINDOWS\privacy_danger FOUND !
C:\WINDOWS\sysdx.dll FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\flirek.dll FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1
C:\DOCUME~1\Owner\FAVORI~1\Error Cleaner.url FOUND !
C:\DOCUME~1\Owner\FAVORI~1\Privacy Protector.url FOUND !
C:\DOCUME~1\Owner\FAVORI~1\Spyware?Malware Protection.url FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
C:\DOCUME~1\Owner\Desktop\Error Cleaner.url FOUND !
C:\DOCUME~1\Owner\Desktop\Privacy Protector.url FOUND !
C:\DOCUME~1\Owner\Desktop\Spyware?Malware Protection.url FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\Online Video Add-on\ FOUND !
C:\Program Files\VideoAccessCodec\ FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="file:///C:\\WINDOWS\\privacy_danger\\index.htm"
"SubscribedURL"=""
"FriendlyName"="Privacy Protection"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{34ec76b6-53c4-4686-822f-910c790683fb}"="evangeliarium"
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"="kdpqb.exe"
kdpqb.exe detected !
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Your computer may be victim of a DNS Hijack: 85.255.x.x detected !
Description: Intel(R) PRO/100 VE Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 85.255.116.150
DNS Server Search Order: 85.255.112.152
Your computer may be victim of a DNS Hijack: 85.255.x.x detected !
Description: Intel(R) PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 85.255.116.150
DNS Server Search Order: 85.255.112.152
HKLM\SYSTEM\CCS\Services\Tcpip\..\{534BCFE7-14C3-4C70-A6AA-15EBDADB81F1}: DhcpNameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CCS\Services\Tcpip\..\{9D42D7C5-01FA-40E8-AA22-D73FB61EE87F}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E1642865-DB2E-48CB-9AAB-519F9D9714D0}: DhcpNameServer=68.87.69.146 68.87.85.98
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E1642865-DB2E-48CB-9AAB-519F9D9714D0}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E6158D56-A0BC-4CFE-BCD2-BA0E291034DC}: DhcpNameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E6158D56-A0BC-4CFE-BCD2-BA0E291034DC}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS1\Services\Tcpip\..\{534BCFE7-14C3-4C70-A6AA-15EBDADB81F1}: DhcpNameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9D42D7C5-01FA-40E8-AA22-D73FB61EE87F}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E1642865-DB2E-48CB-9AAB-519F9D9714D0}: DhcpNameServer=68.87.69.146 68.87.85.98
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E1642865-DB2E-48CB-9AAB-519F9D9714D0}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E6158D56-A0BC-4CFE-BCD2-BA0E291034DC}: DhcpNameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E6158D56-A0BC-4CFE-BCD2-BA0E291034DC}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS3\Services\Tcpip\..\{534BCFE7-14C3-4C70-A6AA-15EBDADB81F1}: DhcpNameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS3\Services\Tcpip\..\{9D42D7C5-01FA-40E8-AA22-D73FB61EE87F}: DhcpNameServer=68.87.69.146 68.87.85.98
HKLM\SYSTEM\CS3\Services\Tcpip\..\{9D42D7C5-01FA-40E8-AA22-D73FB61EE87F}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E1642865-DB2E-48CB-9AAB-519F9D9714D0}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E6158D56-A0BC-4CFE-BCD2-BA0E291034DC}: DhcpNameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E6158D56-A0BC-4CFE-BCD2-BA0E291034DC}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.87.69.146 68.87.85.98
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.116.150 85.255.112.152
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.87.69.146 68.87.85.98
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.116.150 85.255.112.152
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=68.87.69.146 68.87.85.98
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=85.255.116.150 85.255.112.152
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.
Please reboot your computer in Safe Mode by doing the following :
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new HijackThis log.
The report can also be found at the root of the system drive, usually at C:\rapport.txt
Warning : running option #2 on a non infected computer will remove your Desktop background.
Please reboot your computer in Safe Mode by doing the following :
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
- Instead of Windows loading as normal, a menu with options should appear;
- Select the first option, to run Windows in Safe Mode, then press "Enter".
- Choose your usual account.
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new HijackThis log.
The report can also be found at the root of the system drive, usually at C:\rapport.txt
Warning : running option #2 on a non infected computer will remove your Desktop background.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Opera AVAST anti-virus Comodo Firewall Spywareblaster
SmitFraudFix v2.250
Scan done at 10:18:16.60, Tue 11/06/2007
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{34ec76b6-53c4-4686-822f-910c790683fb}"="evangeliarium"
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\bndsrpfn.dll Deleted
C:\WINDOWS\netadv.dll Deleted
C:\WINDOWS\privacy_danger\ Deleted
C:\WINDOWS\sysdx.dll Deleted
Deleting [HKEY_CLASSES_ROOT\CLSID\{40B77EC5-1ECB-40E2-AEC3-FAE3B9353C55}]
Deleting [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{40B77EC5-1ECB-40E2-AEC3-FAE3B9353C55}]
C:\WINDOWS\system32\flirek.dll Deleted
C:\DOCUME~1\Owner\Desktop\Error Cleaner.url Deleted
C:\DOCUME~1\Owner\Desktop\Privacy Protector.url Deleted
C:\DOCUME~1\Owner\Desktop\Spyware?Malware Protection.url Deleted
C:\DOCUME~1\Owner\FAVORI~1\Error Cleaner.url Deleted
C:\DOCUME~1\Owner\FAVORI~1\Privacy Protector.url Deleted
C:\DOCUME~1\Owner\FAVORI~1\Spyware?Malware Protection.url Deleted
C:\Program Files\Online Video Add-on\ Deleted
C:\Program Files\VideoAccessCodec\ Deleted
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{534BCFE7-14C3-4C70-A6AA-15EBDADB81F1}: DhcpNameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CCS\Services\Tcpip\..\{9D42D7C5-01FA-40E8-AA22-D73FB61EE87F}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E1642865-DB2E-48CB-9AAB-519F9D9714D0}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E6158D56-A0BC-4CFE-BCD2-BA0E291034DC}: DhcpNameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E6158D56-A0BC-4CFE-BCD2-BA0E291034DC}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS1\Services\Tcpip\..\{534BCFE7-14C3-4C70-A6AA-15EBDADB81F1}: DhcpNameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9D42D7C5-01FA-40E8-AA22-D73FB61EE87F}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E1642865-DB2E-48CB-9AAB-519F9D9714D0}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E6158D56-A0BC-4CFE-BCD2-BA0E291034DC}: DhcpNameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E6158D56-A0BC-4CFE-BCD2-BA0E291034DC}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS3\Services\Tcpip\..\{534BCFE7-14C3-4C70-A6AA-15EBDADB81F1}: DhcpNameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS3\Services\Tcpip\..\{9D42D7C5-01FA-40E8-AA22-D73FB61EE87F}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E1642865-DB2E-48CB-9AAB-519F9D9714D0}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E6158D56-A0BC-4CFE-BCD2-BA0E291034DC}: DhcpNameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E6158D56-A0BC-4CFE-BCD2-BA0E291034DC}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.116.150 85.255.112.152
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.116.150 85.255.112.152
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=85.255.116.150 85.255.112.152
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"="kdpqb.exe"
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Reboot
C:\WINDOWS\system32\kdpqb.exe Deleted
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» End
Scan done at 10:18:16.60, Tue 11/06/2007
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{34ec76b6-53c4-4686-822f-910c790683fb}"="evangeliarium"
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\bndsrpfn.dll Deleted
C:\WINDOWS\netadv.dll Deleted
C:\WINDOWS\privacy_danger\ Deleted
C:\WINDOWS\sysdx.dll Deleted
Deleting [HKEY_CLASSES_ROOT\CLSID\{40B77EC5-1ECB-40E2-AEC3-FAE3B9353C55}]
Deleting [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{40B77EC5-1ECB-40E2-AEC3-FAE3B9353C55}]
C:\WINDOWS\system32\flirek.dll Deleted
C:\DOCUME~1\Owner\Desktop\Error Cleaner.url Deleted
C:\DOCUME~1\Owner\Desktop\Privacy Protector.url Deleted
C:\DOCUME~1\Owner\Desktop\Spyware?Malware Protection.url Deleted
C:\DOCUME~1\Owner\FAVORI~1\Error Cleaner.url Deleted
C:\DOCUME~1\Owner\FAVORI~1\Privacy Protector.url Deleted
C:\DOCUME~1\Owner\FAVORI~1\Spyware?Malware Protection.url Deleted
C:\Program Files\Online Video Add-on\ Deleted
C:\Program Files\VideoAccessCodec\ Deleted
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{534BCFE7-14C3-4C70-A6AA-15EBDADB81F1}: DhcpNameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CCS\Services\Tcpip\..\{9D42D7C5-01FA-40E8-AA22-D73FB61EE87F}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E1642865-DB2E-48CB-9AAB-519F9D9714D0}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E6158D56-A0BC-4CFE-BCD2-BA0E291034DC}: DhcpNameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E6158D56-A0BC-4CFE-BCD2-BA0E291034DC}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS1\Services\Tcpip\..\{534BCFE7-14C3-4C70-A6AA-15EBDADB81F1}: DhcpNameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9D42D7C5-01FA-40E8-AA22-D73FB61EE87F}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E1642865-DB2E-48CB-9AAB-519F9D9714D0}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E6158D56-A0BC-4CFE-BCD2-BA0E291034DC}: DhcpNameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E6158D56-A0BC-4CFE-BCD2-BA0E291034DC}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS3\Services\Tcpip\..\{534BCFE7-14C3-4C70-A6AA-15EBDADB81F1}: DhcpNameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS3\Services\Tcpip\..\{9D42D7C5-01FA-40E8-AA22-D73FB61EE87F}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E1642865-DB2E-48CB-9AAB-519F9D9714D0}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E6158D56-A0BC-4CFE-BCD2-BA0E291034DC}: DhcpNameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E6158D56-A0BC-4CFE-BCD2-BA0E291034DC}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.116.150 85.255.112.152
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.116.150 85.255.112.152
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=85.255.116.150 85.255.112.152
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"="kdpqb.exe"
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Reboot
C:\WINDOWS\system32\kdpqb.exe Deleted
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» End
Ok. You forgot to post the hijackthis log I requested, but do this now please;
Please download FixWareout from this site:
http://www.bleepingcomputer.com/file...Fixwareout.exe
Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts.
You will be asked to reboot your computer; please do so.
Your system may take longer than usual to load; this is normal.
Once the desktop loads post the text that will open (report.txt) and a new Hijackthis log please.
Please download FixWareout from this site:
http://www.bleepingcomputer.com/file...Fixwareout.exe
Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts.
You will be asked to reboot your computer; please do so.
Your system may take longer than usual to load; this is normal.
Once the desktop loads post the text that will open (report.txt) and a new Hijackthis log please.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Opera AVAST anti-virus Comodo Firewall Spywareblaster
|
Similar Threads
- Trying to remove a virus (Viruses, Spyware and other Nasties)
- Unable to remove Virus Alert, Pop Ups & IE Start Up page .. help ... (Viruses, Spyware and other Nasties)
- Unable to remove Virus Alert, Pop Ups & IE Start Up page .. help ... (Viruses, Spyware and other Nasties)
- Attack of a " rdriv.sys" virus (Viruses, Spyware and other Nasties)
- Please, HJT log help requested (II) ! (Viruses, Spyware and other Nasties)
- Virus Downloader.tooncom (Windows NT / 2000 / XP)
Other Threads in the Viruses, Spyware and other Nasties Forum
- Previous Thread: A few random popups remain after Vundo
- Next Thread: messed up desktop
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Related Forum Features
Latest Viruses, Spyware and other Nasties Posts
adware anti-malware anti-virussitesaccessissue antivirus apple audio avg backtoschoolspeech bar blackhat botnet botnets censorship china commercial commercials conficker control crosssitescripting cyber cybercrime cyberwarfare domains e-mafia education email europe exam facebook fancheckvirus gaming gtaiv halloween hijack hosting internet iphone kaspersky legal logfiles mail malware mcafee messagelabs microsoft mobile msn nazi news obama onlinethreats paedophile panel parents patch phishing police policeprovirusmba-mblockedinternetaccess president privacy pro problem reliability report research risk rogueantivirus samhain sans scareware school search security seopoisoning software spam spyware spywareexternalwindows7adminstratortrojans sqlinjection symantec teen translate trojan unabletoaccessanti-virussites unwanted update usa virus viruses war warning windows worm yahoo zeroday