
morwillsearch.com popups help


11 replies to this topic

#1 caffeinated

    Authentic Member

  • 20 posts

Posted 17 December 2005 - 04:09 PM

Hello this is my first "hijack this" post...

Internet Explorer currently opens about every half hour with the morwillsearch.com page. It's driving me crazy!
I'm not sure what other info is needed for analysis, so please let me know.

vmlib is new, seems like bad news?
support.exe is old, seems like bad news?

I have Spybot, Ad-Aware and SpySubtract installed and use them on occasion.

anyway,
here is my hijack this log

Thanks so much in advance,


Logfile of HijackThis v1.99.1
Scan saved at 3:57:52 PM, on 12/17/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.search-1.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.royalsearch.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Mediacom Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = https=sas.r21.mchsi.com:8000
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.startup.homepage", "www.google.com"); (C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Profiles\default\0gbhy1fx.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Profiles\default\0gbhy1fx.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: C:\WINDOWS\system32\st3.dll - {1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5} - C:\WINDOWS\system32\st3.dll
O2 - BHO: C:\WINDOWS\system32\adsldpbe.dll - {7507739F-BC2E-4DC3-B233-816783C25DC9} - C:\WINDOWS\system32\adsldpbe.dll
O2 - BHO: C:\WINDOWS\adsldpbd.dll - {826B2228-BC09-49F2-B5F8-42CE26B1B712} - C:\WINDOWS\adsldpbd.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {C7CF1142-0785-4B12-A280-B64681E4D45E} - C:\WINDOWS\prflbmsgp32.dll
O2 - BHO: (no name) - {CB4697C2-0A72-46F8-9AF4-EE648F3E92A7} - C:\WINDOWS\apigs.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [vmlib] vmlib.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ClearCookies] C:\WINDOWS\cc.exe
O4 - HKCU\..\Run: [AlexaToolbar] C:\WINDOWS\alt.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.mchsi.com
O15 - Trusted Zone: *.coolwebsearch.com
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potc_x.cab
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop...cpConnCheck.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1104611015593
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O20 - Winlogon Notify: gs - C:\WINDOWS\adsldpbd.dll (file missing)
O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Network Security Service (NSS) (%AF夶À¨) - Unknown owner - C:\WINDOWS\system32\netll.exe (file missing)



#2 ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests: Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 07 January 2006 - 03:37 PM

caffeinated, Welcome to the forum, sorry about the delay getting to you but we are just overwhelmed by logs. You have a lot going on on your system. If you have not resolved this issue and still need my assistance, please post a new HJT log as your system may have changed since your last post and I will be glad to look it over for you. Ken :D

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#3 caffeinated

    Authentic Member

  • 20 posts

Posted 07 January 2006 - 04:59 PM

Hi Ken

no problem on the wait time.

Thanks for the help,

Here you go...


Logfile of HijackThis v1.99.1
Scan saved at 4:56:23 PM, on 1/7/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\explorer.exe
C:\program files\internet explorer\iexplore.exe
C:\program files\internet explorer\iexplore.exe
C:\program files\internet explorer\iexplore.exe
C:\program files\internet explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Mediacom Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = https=sas.r21.mchsi.com:8000
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.startup.homepage", "www.google.com"); (C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Profiles\default\0gbhy1fx.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Profiles\default\0gbhy1fx.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: C:\WINDOWS\system32\st3.dll - {1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5} - C:\WINDOWS\system32\st3.dll
O2 - BHO: C:\WINDOWS\adsldpbd.dll - {826B2228-BC09-49F2-B5F8-42CE26B1B712} - C:\WINDOWS\adsldpbd.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {C7CF1142-0785-4B12-A280-B64681E4D45E} - C:\WINDOWS\prflbmsgp32.dll
O2 - BHO: (no name) - {CB4697C2-0A72-46F8-9AF4-EE648F3E92A7} - C:\WINDOWS\apigs.dll (file missing)
O2 - BHO: C:\WINDOWS\adsldpbf.dll - {EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6} - C:\WINDOWS\adsldpbf.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [vmlib] vmlib.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ClearCookies] C:\WINDOWS\cc.exe
O4 - HKCU\..\Run: [AlexaToolbar] C:\WINDOWS\alt.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.mchsi.com
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potc_x.cab
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop...cpConnCheck.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1104611015593
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O20 - Winlogon Notify: gs - C:\WINDOWS\adsldpbd.dll (file missing)
O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Network Security Service (NSS) (%AF夶À¨) - Unknown owner - C:\WINDOWS\system32\netll.exe (file missing)

#4 ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests: Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 07 January 2006 - 06:22 PM

Hello caffeinated :D ,

We have a little work to do on your system, you have a few infections going on. I want to point out that your operating system is out of date and it is important that after we clean you up that you install Service Pack 2. But we will address this later on. It doesn't look like you have any Anti Virus protection either, not a good thing. I will direct you to a couple of free ones when you're clean.

You may want to print out these instructions as we will be disconnecting from the internet for parts of the fix. It's also important that you follow them in the order that I have them listed.

First thing we have to do is this.....

Go to Start > Run and type in services.msc, then Enter. Then scroll down and look for this service: Network Security Service. Right click on that service and click on Stop Service. Then Properties, and change the Startup type to Disabled.



Next I want you to download CWShredder to your desktop.
* Open the program and check for updates, but don't run it yet.
* Close out the program.

Now download and install the 30 day evaluation copy of Ewido Security Suite, but don't run it yet.
Download and install Ewido Security Suite.
Ewido Security Suite
* Launch Ewido, there should be an icon on your desktop for it to double-click.
o Click on Update
o You should see Update Complete when done.
o Now close out the program



Now enable Windows to Show All Files and Folders

* Click on MY COMPUTER
* Then on your C: Drive
* Then to TOOLS/ FOLDER OPTIONS/ VIEW
* Choose the radio button to SHOW HIDDEN FILES AND FOLDERS
* Take the checkmark out of HIDE EXTENSIONS FOR KNOWN FILE TYPES
* Then APPLY/ OK

* Don't forget to reverse this once your computer is clean




Reboot your computer into Safemode

* Go to START/ SHUT OFF YOUR COMPUTER/ RESTART
* As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly, this will bring up a menu.
* Use the UP AND DOWN ARROW KEYS to scroll up to SAFEMODE
* Then press the ENTER KEY ON YOUR KEYBOARD


Now open and run CWShredder, let it scan and fix anything it finds.
Close out the program.




* Now open up Ewido
* Click on scanner
* Click on Complete System Scan and the scan will begin.
* You will be prompted to clean the first infection.
* Select "Perform action on all infections", then proceed.
* Once the scan has completed, there will be a button located on the bottom of the screen named Save report
* Click Save report.
* Save the report .txt file to your desktop or a location where you can find it easily.
* Close Ewido Security Suite.


While still in Safemode, open HJT Scan Only, close out all windows except HJT , put a checkmark in the following entries and click on Fix Checked.

* R3 - Default URLSearchHook is missing
* O2 - BHO: C:\WINDOWS\system32\st3.dll - {1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5} - C:\WINDOWS\system32\st3.dll
* O2 - BHO: C:\WINDOWS\adsldpbd.dll - {826B2228-BC09-49F2-B5F8-42CE26B1B712} - C:\WINDOWS\adsldpbd.dll (file missing)
* O2 - BHO: (no name) - {C7CF1142-0785-4B12-A280-B64681E4D45E} - C:\WINDOWS\prflbmsgp32.dll
* O2 - BHO: (no name) - {CB4697C2-0A72-46F8-9AF4-EE648F3E92A7} - C:\WINDOWS\apigs.dll (file missing)
* O2 - BHO: C:\WINDOWS\adsldpbf.dll - {EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6} - C:\WINDOWS\adsldpbf.dll
* O4 - HKLM\..\Run: [vmlib] vmlib.exe
* O4 - HKCU\..\Run: [ClearCookies] C:\WINDOWS\cc.exe
* O4 - Startup: PowerReg Scheduler.exe
* O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
* O20 - Winlogon Notify: gs - C:\WINDOWS\adsldpbd.dll (file missing)
* O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll
* O23 - Service: Network Security Service (NSS) (%AF夶À¨) - Unknown owner - C:\WINDOWS\system32\netll.exe (file missing)


Now look for and delete the following files in Red

vmlib.exe <-- This one is a baddy, it is stealing your Bank Account numbers and passwords. It may be in C:\WINDOWS or C:\WINDOWS\system32. You will have to do a search for it.
C:\WINDOWS\adsldpbd.dll
C:\WINDOWS\apigs.dll
C:\WINDOWS\cc.exe
C:\WINDOWS\prflbmsgp32.dll
C:\WINDOWS\system32\netll.exe
C:\WINDOWS\system32\st3.dll

Now reboot normally and let's run a couple of online virus scanners. Run at least two and if there is an option to Auto Clean, do so. Panda will let you save a log, do so also.

Panda Active Scan
Trendmicro Housecall
BitDefender Online Scan

Now please post the log report from Ewido, the Panda scan and a new HJT log please.

Ken :D

Edited by ken545, 07 January 2006 - 06:25 PM.

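The entries ken545 picks out of the HijackThis log above (unnamed BHOs, DLLs reported as "file missing", a Run key that launches the bare name vmlib.exe, a Trusted Zone wildcard, Winlogon Notify hooks, an unknown-owner service with no binary) follow patterns that can be checked mechanically. The script below is an added example for this thread, not HijackThis code and not the helper's tool: it parses the v1.99 line formats shown in posts #1 and #3 and flags those patterns, assuming C:\WINDOWS as the system root and using a constructed sample copied from the poster's log.

```python
"""Flag HijackThis v1.99 log entries that deserve a second look.

Added example for this thread; not HijackThis code and not the helper's tool.
Heuristics mirror the entries ken545 told the poster to fix: BHOs with no
friendly name or a missing DLL, a Run key launching a bare filename, a Trusted
Zone wildcard, a Winlogon Notify DLL that is missing or outside system32, and
an unknown-owner service whose binary is gone.
"""
import re

# Line shape: "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [vmlib] vmlib.exe"
ENTRY_RE = re.compile(r"^(?P<sec>[RNOF]\d+) - (?P<body>.+)$")
# Run-key body: "HKLM\..\Run: [Name] command line"
RUN_RE = re.compile(r"^HK[A-Z]+\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
MISSING_MARKERS = ("(file missing)", "(no file)")
# Assumption: system root is C:\WINDOWS, as in the poster's log.
SYSTEM32 = "c:\\windows\\system32\\"

# Constructed sample: lines taken from the poster's log, plus two benign ones.
SAMPLE_LOG = r"""
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: C:\WINDOWS\system32\st3.dll - {1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5} - C:\WINDOWS\system32\st3.dll
O2 - BHO: (no name) - {CB4697C2-0A72-46F8-9AF4-EE648F3E92A7} - C:\WINDOWS\apigs.dll (file missing)
O4 - HKLM\..\Run: [vmlib] vmlib.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O15 - Trusted Zone: *.coolwebsearch.com
O20 - Winlogon Notify: gs - C:\WINDOWS\adsldpbd.dll (file missing)
O23 - Service: Network Security Service (NSS) - Unknown owner - C:\WINDOWS\system32\netll.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
"""


def parse_entry(line):
    """Return (section, body) for an HJT entry line, None for any other line."""
    m = ENTRY_RE.match(line.strip())
    return (m.group("sec"), m.group("body")) if m else None


def _strip_status(field):
    """Remove the '(file missing)' / '(no file)' marker from a path field."""
    for marker in MISSING_MARKERS:
        field = field.replace(marker, "")
    return field.strip()


def _executable(cmd):
    """First token of a Run-key command line, with surrounding quotes removed."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]


def check_entry(sec, body):
    """Return the list of reasons this entry is notable (empty means nothing found)."""
    reasons = []
    missing = any(m in body for m in MISSING_MARKERS)
    if sec == "R3" and "URLSearchHook is missing" in body:
        reasons.append("default URLSearchHook has been removed")
    elif sec == "O2" and body.startswith("BHO: "):
        parts = body[len("BHO: "):].split(" - ")   # name, {CLSID}, path
        name, path = parts[0], _strip_status(parts[-1])
        if missing:
            reasons.append("BHO registered but its DLL is missing")
        if name == "(no name)" or name.lower() == path.lower():
            reasons.append("BHO has no friendly name")
    elif sec == "O4":
        run = RUN_RE.match(body)
        if run:
            exe = _executable(run.group("cmd"))
            if "\\" not in exe and "/" not in exe:
                # Bare names rely on the search path; legitimate helpers show up too.
                reasons.append("Run key launches a bare filename; location unknown")
    elif sec == "O15":
        reasons.append("Trusted Zone entry lowers IE security for this domain")
    elif sec == "O20":
        path = _strip_status(body.rsplit(" - ", 1)[-1])
        if missing:
            reasons.append("Winlogon Notify DLL is missing")
        elif not path.lower().startswith(SYSTEM32):
            reasons.append("Winlogon Notify DLL outside system32")
    elif sec == "O23" and missing and "Unknown owner" in body:
        reasons.append("service with unknown owner and missing binary")
    return reasons


def scan_log(text):
    """Scan a whole HJT log; return [(section, reasons, body)] for flagged entries."""
    findings = []
    for line in text.splitlines():
        parsed = parse_entry(line)
        if parsed is None:
            continue
        sec, body = parsed
        reasons = check_entry(sec, body)
        if reasons:
            findings.append((sec, reasons, body))
    return findings


if __name__ == "__main__":
    for sec, reasons, body in scan_log(SAMPLE_LOG):
        print(f"{sec:<4} {body}")
        for reason in reasons:
            print(f"     -> {reason}")
```

The benign Acrobat BHO, the Steam Run key and the ATI service pass through unflagged; the seven remaining sample lines are exactly those the helper listed.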

#5 caffeinated

    Authentic Member

  • 20 posts

Posted 08 January 2006 - 01:51 AM

Ken,

These entries were not found to delete in the hijack this log:

O2 - BHO: (no name) - {C7CF1142-0785-4B12-A280-B64681E4D45E} - C:\WINDOWS\prflbmsgp32.dll
O2 - BHO: (no name) - {CB4697C2-0A72-46F8-9AF4-EE648F3E92A7} - C:\WINDOWS\apigs.dll (file missing)
O4 - HKLM\..\Run: [vmlib] vmlib.exe
O23 - Service: Network Security Service (NSS) (%AF夶À¨) - Unknown owner - C:\WINDOWS\system32\netll.exe (file missing)


Also, when searching for the files in red I was only able to find 3 files. Two of them related to the cc.exe (one I believe was cc.exe and another contained some cc.exe type wording and I deleted it too.) I also found a file called __delete_on_reboot__st3.dll but did not delete it.


I ran the cwshredder and ewido.

panda and housecall both found a whole bunch of stuff...


here are the logs:


panda


Incident Status Location

Spyware:spyware/smitfraud Not disinfected C:\WINDOWS\SYSTEM32\oleext32.dll
Adware:adware/psguard Not disinfected C:\WINDOWS\warnhp.html
Spyware:spyware/searchcentrix Not disinfected Windows Registry
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Brian Hanson\Cookies\brian hanson@doubleclick[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Brian Hanson\Cookies\brian hanson@mediaplex[2].txt
Spyware:Cookie/Abcsearch Not disinfected C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Profiles\default\0gbhy1fx.slt\cookies.txt[.abcsearch.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Profiles\default\0gbhy1fx.slt\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Profiles\default\0gbhy1fx.slt\cookies.txt[.ask.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Profiles\default\0gbhy1fx.slt\cookies.txt[.maxserving.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt[.zedo.com/]
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt[.go.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt[.tickle.com/]
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt[.ct.360i.com/]
Spyware:Cookie/Abcsearch Not disinfected C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt[.abcsearch.com/]
Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt[.ask.com/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt[landing.domainsponsor.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt[]
Spyware:Cookie/Abcsearch Not disinfected C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Profiles\default\0gbhy1fx.slt\cookies.txt[]
Virus:Trj/ClassLoader.U Disinfected C:\Documents and Settings\Brian Hanson\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive1213.jar-6a0390d7-47949aa1.zip[BlackBox.class]
Virus:Trj/ClassLoader.V Disinfected C:\Documents and Settings\Brian Hanson\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive1213.jar-6a0390d7-47949aa1.zip[VB.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Brian Hanson\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive1213.jar-6a0390d7-47949aa1.zip[Dummy.class]
Virus:Trj/Downloader.HAS Disinfected C:\Documents and Settings\Brian Hanson\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive1213.jar-6a0390d7-47949aa1.zip[Beyond.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Brian Hanson\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1910af14-6f234e12.zip[GetAccess.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Brian Hanson\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1910af14-6f234e12.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Brian Hanson\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1910af14-6f234e12.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Brian Hanson\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1910af14-6f234e12.zip[Installer.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Brian Hanson\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-76935f99-22c00d7d.zip[GetAccess.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Brian Hanson\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-76935f99-22c00d7d.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Brian Hanson\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-76935f99-22c00d7d.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Brian Hanson\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-76935f99-22c00d7d.zip[Installer.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Brian Hanson\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-c7acf92-1f6844a4.zip[GetAccess.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Brian Hanson\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-c7acf92-1f6844a4.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Brian Hanson\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-c7acf92-1f6844a4.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Brian Hanson\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-c7acf92-1f6844a4.zip[Installer.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Brian Hanson\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-652b4e66-3eb36219.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Brian Hanson\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-652b4e66-3eb36219.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Brian Hanson\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-652b4e66-3eb36219.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Brian Hanson\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-652b4e66-3eb36219.zip[Beyond.class]
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\Brian Hanson\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3c936701-44a7c557.zip[InstallerApplet.class]
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\Brian Hanson\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3cc46f89-3eea367f.zip[InstallerApplet.class]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Brian Hanson\Cookies\brian hanson@doubleclick[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Brian Hanson\Cookies\brian hanson@mediaplex[2].txt
Adware:Adware/Miamore Not disinfected C:\Documents and Settings\Brian Hanson\Local Settings\Temporary Internet Files\Content.IE5\7HR1KU4W\adsldpbd[1].dll
Dialer:Dialer.BEW Not disinfected C:\Documents and Settings\Brian Hanson\Local Settings\Temporary Internet Files\Content.IE5\JAOVRPWT\connect[1][Content]
Potentially unwanted tool:Application/ServUBased.A Not disinfected C:\Serv-U\ServUDaemon.exe
Potentially unwanted tool:Application/ServUBased.A Not disinfected C:\Stuff\Saved Installs\susetup.exe[SERVUDAEMON.EXE]
Adware:Adware/Miamore Not disinfected C:\WINDOWS\cpblpbc3.log
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\javaqv.exe
Virus:W32/Spybot.gen.worm Disinfected C:\WINDOWS\SYSTEM32\coca.exe
Virus:W32/Smitfraud.D Disinfected C:\WINDOWS\SYSTEM32\oleext32.dll
Adware:Adware/Miamore Not disinfected C:\WINDOWS\SYSTEM32\__delete_on_reboot__st3.dll
Virus:Trj/HideProc.B Disinfected C:\WINDOWS\Temp\1.tmp
Spyware:Spyware/Smitfraud Not disinfected C:\WINDOWS\warnhp.html



Ewido



---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 10:33:19 PM, 1/7/2006
+ Report-Checksum: E1D48279

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{0E37D9E0-99E3-DA14-3197-60132338963E} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2402BAD1-2B03-B117-D0E4-9685436E0914} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{33DA09FC-0D84-29B4-815F-CC48795929D4} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{357A87ED-3E5D-437d-B334-DEB7EB4982A3} -> Trojan.Agent.eo : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{37E5E66E-C168-B55B-BE2E-8478ED77CD96} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{46B118F7-A9C3-30B6-F02A-A8C72E1E4FD5} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{483C767C-E381-7083-FD10-379897AEDEFB} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4992E461-38DD-211A-FDE8-64A8C67647AD} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{5AECFEAF-B010-FBFD-B79E-285458AE4BFB} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{5E7CC15F-6447-9E5E-1684-8AFEB8203457} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{602C9652-36AF-DEC5-DE23-DB34295B6BA5} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{66F47DB1-18C4-9337-E85F-30B8B1DD594A} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6916E12D-B7B5-E5B2-A230-80E344B0872D} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} -> Spyware.GameSpyArcade : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{74339574-CCF2-3651-E5EA-88C8BFBBFB28} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{77E35B59-5DBF-CA0F-2037-00B52E21E874} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{83F01EC6-1966-280C-39C0-52CF1BB626F6} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{87647AF0-CDBF-C0AC-94F6-54F97CE2A6CA} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8DFCBD6E-113A-2348-6A3E-397AD2C21017} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9131706F-D034-5F4E-62F6-C060F737064C} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9261C8D3-6127-C95A-7B9B-F9E8EE283C42} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9436A461-8EBA-8CCA-C8D5-98D6F786767A} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9564CC48-05D0-7649-4D33-CBDCCFF9913B} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9E960055-CBAB-522C-F6D0-3C06FAA39285} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9F97B6E9-C174-2E0C-BAF8-5BB263486A64} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A229042B-0D56-44A6-85DB-13CF1C4E9FD6} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A5910E94-A676-201D-0838-F81C7746194D} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B536A5F4-6F9B-5215-B3D9-716EF3F258A6} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C7339624-BDA9-0FBB-8706-46F6CC80401F} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D036544E-A9A9-5899-2551-5FC716B1F4E2} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E7081361-B49F-D230-D56A-D49C0144CDBE} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{EAE338CA-76EC-EAE9-7C17-A152A831A537} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{EFFA5234-1603-4600-4D31-8FE60DB658FB} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F4BF9913-CC48-121B-F8DE-11BD3C45410F} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} -> Spyware.GameSpyArcade : Cleaned with backup
[232] C:\WINDOWS\system32\st3.dll -> Downloader.Delf.h : Cleaned with backup
[760] C:\WINDOWS\system32\st3.dll -> Downloader.Delf.h : Error during cleaning
:mozilla.14:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.154:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.155:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.158:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.161:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.166:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.167:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.168:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.169:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.170:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.171:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.174:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.175:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.189:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.190:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.191:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.192:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.193:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.199:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.200:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.209:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.259:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.276:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.303:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.336:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.337:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.338:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.340:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.374:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.375:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.398:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt -> Spyware.Cookie.Findwhat : Cleaned with backup
:mozilla.435:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.436:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.438:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.446:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.447:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Firefox\Profiles\scwvt6d8.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Profiles\default\0gbhy1fx.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Profiles\default\0gbhy1fx.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Profiles\default\0gbhy1fx.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Profiles\default\0gbhy1fx.slt\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Profiles\default\0gbhy1fx.slt\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Profiles\default\0gbhy1fx.slt\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Profiles\default\0gbhy1fx.slt\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Profiles\default\0gbhy1fx.slt\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Profiles\default\0gbhy1fx.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Profiles\default\0gbhy1fx.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Profiles\default\0gbhy1fx.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Profiles\default\0gbhy1fx.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Profiles\default\0gbhy1fx.slt\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Profiles\default\0gbhy1fx.slt\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Profiles\default\0gbhy1fx.slt\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Profiles\default\0gbhy1fx.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Profiles\default\0gbhy1fx.slt\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Profiles\default\0gbhy1fx.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Profiles\default\0gbhy1fx.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Profiles\default\0gbhy1fx.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Profiles\default\0gbhy1fx.slt\cookies.txt -> Spyware.Cookie.Findwhat : Cleaned with backup
:mozilla.149:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Profiles\default\0gbhy1fx.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Profiles\default\0gbhy1fx.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Profiles\default\0gbhy1fx.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.161:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Profiles\default\0gbhy1fx.slt\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.169:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Profiles\default\0gbhy1fx.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.170:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Profiles\default\0gbhy1fx.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.171:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Profiles\default\0gbhy1fx.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.172:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Profiles\default\0gbhy1fx.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.192:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Profiles\default\0gbhy1fx.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.193:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Profiles\default\0gbhy1fx.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.194:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Profiles\default\0gbhy1fx.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.195:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Profiles\default\0gbhy1fx.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.196:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Profiles\default\0gbhy1fx.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.197:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Profiles\default\0gbhy1fx.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.199:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Profiles\default\0gbhy1fx.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.200:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Profiles\default\0gbhy1fx.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.201:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Profiles\default\0gbhy1fx.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.220:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Profiles\default\0gbhy1fx.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.221:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Profiles\default\0gbhy1fx.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.227:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Profiles\default\0gbhy1fx.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.228:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Profiles\default\0gbhy1fx.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.240:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Profiles\default\0gbhy1fx.slt\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.252:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Profiles\default\0gbhy1fx.slt\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.253:C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Profiles\default\0gbhy1fx.slt\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Brian Hanson\Local Settings\Temp\ablgopmd.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Brian Hanson\Local Settings\Temp\cmcnjpmd.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Brian Hanson\Local Settings\Temp\emnmjpmd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\Documents and Settings\Brian Hanson\Local Settings\Temp\ifdhjpmd.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Brian Hanson\Local Settings\Temp\mihajpmd.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Brian Hanson\Local Settings\Temp\mmjmjpmd.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Brian Hanson\Local Settings\Temp\njomjpmd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\Documents and Settings\Brian Hanson\Local Settings\Temp\onemjpmd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\Documents and Settings\Brian Hanson\Local Settings\Temporary Internet Files\Content.IE5\25TIZQTG\gdnUS2161[1].exe -> Downloader.Small.ayl : Cleaned with backup
C:\Documents and Settings\Brian Hanson\Local Settings\Temporary Internet Files\Content.IE5\7HR1KU4W\adsldpbe[2].dll -> Downloader.Delf.lh : Cleaned with backup
C:\Documents and Settings\Brian Hanson\Local Settings\Temporary Internet Files\Content.IE5\912CDNOP\gdnUS2161[1].exe -> Downloader.Small.ayl : Cleaned with backup
C:\Documents and Settings\Brian Hanson\Local Settings\Temporary Internet Files\Content.IE5\912CDNOP\pic[1].wmf -> Exploit.MS05-053-WMF : Cleaned with backup
C:\Documents and Settings\Brian Hanson\Local Settings\Temporary Internet Files\Content.IE5\912CDNOP\psg[1].anr -> Downloader.Ani.c : Cleaned with backup
C:\Documents and Settings\Brian Hanson\Local Settings\Temporary Internet Files\Content.IE5\912CDNOP\st3m[1].dll -> Downloader.Delf.h : Cleaned with backup
C:\Documents and Settings\Brian Hanson\Local Settings\Temporary Internet Files\Content.IE5\JAOVRPWT\pic[1].wmf -> Exploit.MS05-053-WMF : Cleaned with backup
C:\Documents and Settings\Brian Hanson\Local Settings\Temporary Internet Files\Content.IE5\WJL36AJH\alt[1].exe -> Hijacker.Delf.eb : Cleaned with backup
C:\Documents and Settings\Brian Hanson\Local Settings\Temporary Internet Files\Content.IE5\WJL36AJH\load4[1] -> Downloader.Small.byk : Cleaned with backup
C:\Documents and Settings\Brian Hanson\Local Settings\Temporary Internet Files\Content.IE5\XP8RS23V\prflbmsgp32_se[1].dll -> Downloader.Delf.yb : Cleaned with backup
C:\Documents and Settings\Brian Hanson\Local Settings\Temporary Internet Files\Content.IE5\XP8RS23V\US[1].exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Brian Hanson\Local Settings\Temporary Internet Files\Content.IE5\Z9S23MWX\adsldpbf[13].dll -> Downloader.Delf.lh : Cleaned with backup
C:\Documents and Settings\Brian Hanson\Local Settings\Temporary Internet Files\Content.IE5\Z9S23MWX\gdnUS2161[1].exe -> Downloader.Small.ayl : Cleaned with backup
C:\Documents and Settings\Brian Hanson\Local Settings\Temporary Internet Files\Content.IE5\Z9S23MWX\gdnUS2175[1].exe -> Downloader.Small.ayl : Cleaned with backup
C:\Documents and Settings\Brian Hanson\Local Settings\Temporary Internet Files\Content.IE5\Z9S23MWX\load4[1] -> Downloader.Small.byk : Cleaned with backup
C:\Documents and Settings\Brian Hanson\Local Settings\Temporary Internet Files\Content.IE5\Z9S23MWX\runapl[1].exe -> Trojan.Small.ev : Cleaned with backup
C:\ntdetecd.exe -> Trojan.LowZones.cu : Cleaned with backup
C:\ntps.exe -> Trojan.Small.ev : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1121\A0107304.dll -> Downloader.Delf.lh : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1121\A0107305.dll -> Downloader.Delf.lh : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1121\A0107306.dll -> Downloader.Delf.lh : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1121\A0107307.dll -> Downloader.Delf.lh : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1121\A0107308.dll -> Downloader.Delf.lh : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1121\A0107309.dll -> Downloader.Delf.lh : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1121\A0107310.dll -> Downloader.Delf.lh : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1121\A0107311.dll -> Downloader.Delf.lh : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1121\A0107312.dll -> Downloader.Delf.lh : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1121\A0107313.dll -> Downloader.Delf.lh : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1121\A0107314.dll -> Downloader.Delf.lh : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1121\A0107315.dll -> Downloader.Delf.lh : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1121\A0107316.dll -> Downloader.Delf.lh : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1135\A0110024.dll -> Adware.PSGuard : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1135\A0110029.exe -> Adware.PSGuard : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1137\A0111269.dll -> Downloader.Delf.zu : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1137\A0111270.dll -> Downloader.Delf.zu : Cleaned with backup
C:\WINDOWS\adsldpbf.dll -> Downloader.Delf.lh : Cleaned with backup
C:\WINDOWS\alt.exe -> Hijacker.Delf.eb : Cleaned with backup
C:\WINDOWS\appig32.dll -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\bgdzmg.dat -> Downloader.Agent.al : Cleaned with backup
C:\WINDOWS\BOOTSTAT.DAT:lerhn -> Downloader.Agent.ap : Cleaned with backup
C:\WINDOWS\byunhh.dat -> Downloader.Agent.al : Cleaned with backup
C:\WINDOWS\cfrxsb.dat -> Downloader.Agent.al : Cleaned with backup
C:\WINDOWS\COMSETUP.LOG:ftqce -> Downloader.Agent.cd : Cleaned with backup
C:\WINDOWS\cpblpbc5.log -> Downloader.Delf.lh : Cleaned with backup
C:\WINDOWS\crzv32.dll -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\cvrzsp.dat -> Downloader.Agent.al : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\gdnUS2161.exe -> Downloader.Small.ayl : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\gsda.dll -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\edagug.dat -> Downloader.Agent.al : Cleaned with backup
C:\WINDOWS\EXPLORER.EXE:nkoks -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\Gone Fishing.bmp:ydgpu -> Downloader.Agent.ap : Cleaned with backup
C:\WINDOWS\javaqv.exe:kvvfd -> Downloader.Agent.al : Cleaned with backup
C:\WINDOWS\KB823559.log:cwosf -> Downloader.Agent.ap : Cleaned with backup
C:\WINDOWS\KB837001.log:mgxun -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB840315.log:whqzh -> Downloader.Agent.ap : Cleaned with backup
C:\WINDOWS\khqkfk.dat -> Downloader.Agent.al : Cleaned with backup
C:\WINDOWS\lkrxui.dat -> Downloader.Agent.al : Cleaned with backup
C:\WINDOWS\mgupby.dat -> Downloader.Agent.al : Cleaned with backup
C:\WINDOWS\mnedun.dat -> Downloader.Agent.al : Cleaned with backup
C:\WINDOWS\msoffice.ini:kxrhk -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\msuh32.dll -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\mswk.dll -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\muninst.exe:cycnm -> Downloader.Agent.ap : Cleaned with backup
C:\WINDOWS\netcy.dll -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\NOTEPAD.EXE:cpgve -> Downloader.Agent.ap : Cleaned with backup
C:\WINDOWS\n_bqpvfv.dat -> Downloader.Agent.ap : Cleaned with backup
C:\WINDOWS\n_dvcqfq.txt -> Downloader.Agent.ap : Cleaned with backup
C:\WINDOWS\n_hsdvjd.dat -> Downloader.Agent.gs : Cleaned with backup
C:\WINDOWS\n_ifpuod.dat:hrafc -> Downloader.Agent.cd : Cleaned with backup
C:\WINDOWS\n_ifpuod.dat -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\n_jquozh.dat -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\n_pqtjvs.dat -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\pfpxdk.dat -> Downloader.Agent.al : Cleaned with backup
C:\WINDOWS\playenu.hlp:mwuja -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\PowerReg.dat:knvpp -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\Prairie Wind.bmp:fpmxu -> Downloader.Agent.ap : Cleaned with backup
C:\WINDOWS\Prairie Wind.bmp:wvsrq -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\prflbmsgp32.dll -> Downloader.Delf.yb : Cleaned with backup
C:\WINDOWS\PSDELUXE.ICO:cofuj -> Downloader.Agent.cd : Cleaned with backup
C:\WINDOWS\Q323255.log:pvlwt -> Downloader.Agent.ap : Cleaned with backup
C:\WINDOWS\Q328213.log:rzpbt ->

Edited by caffeinated, 08 January 2006 - 02:38 AM.


#6 caffeinated

    Authentic Member

  • Authentic Member
  • 20 posts

Posted 08 January 2006 - 01:58 AM

I think the last reply got cut short. Here is the rest of Ewido and then the HJT.

C:\WINDOWS\Q329170.log:oqzqd -> Downloader.Agent.al : Cleaned with backup
C:\WINDOWS\Q329834.log:grkeg -> Downloader.Agent.cd : Cleaned with backup
C:\WINDOWS\Q814033.log:duekj -> Downloader.WinShow.ak : Cleaned with backup
C:\WINDOWS\Q817287.log:dvcqf -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\Q817287.log:wckim -> Downloader.Agent.al : Cleaned with backup
C:\WINDOWS\Q817606.log:ekzei -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\QTW.INI:vwvwa -> Downloader.Agent.ap : Cleaned with backup
C:\WINDOWS\QUICKEN.INI:acihq -> Downloader.Agent.db : Cleaned with backup
C:\WINDOWS\REGOPT.LOG:wrbxo -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\Rhododendron.bmp:ldmsf -> Downloader.Agent.ap : Cleaned with backup
C:\WINDOWS\Rtcw.INI:xaphs -> Downloader.Agent.db : Cleaned with backup
C:\WINDOWS\Santa Fe Stucco.bmp:qkvjd -> Downloader.Agent.an : Cleaned with backup
C:\WINDOWS\SchedLgU.Txt:acnpf -> Downloader.Agent.al : Cleaned with backup
C:\WINDOWS\SchedLgU.Txt:mkuvx -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\sessmgr.setup.log:icssp -> Downloader.Agent.cd : Cleaned with backup
C:\WINDOWS\setup.log:elnaz -> Downloader.Agent.cd : Cleaned with backup
C:\WINDOWS\setupapi.log.0.old:pcjkd -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\SETUPERR.LOG:adwhb -> Downloader.Agent.bc : Cleaned with backup
C:\WINDOWS\sfqhuv.dat:hdbpy -> Downloader.Agent.ap : Cleaned with backup
C:\WINDOWS\sfqhuv.dat -> Downloader.Agent.al : Cleaned with backup
C:\WINDOWS\SYSTEM.INI:wfrfr -> Downloader.Agent.ap : Cleaned with backup
C:\WINDOWS\SYSTEM32\d3nt.dll -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\SYSTEM32\intell32.exe -> Spyware.PSGuard : Cleaned with backup
C:\WINDOWS\SYSTEM32\javaor32.dll -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\SYSTEM32\netll.dll -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\SYSTEM32\oleext.dll -> Trojan.Small.ev : Cleaned with backup
C:\WINDOWS\SYSTEM32\st3.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\SYSTEM32\vmlib.exe -> Trojan.LowZones.cu : Cleaned with backup
C:\WINDOWS\TASKMAN.EXE:vulpe -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\tczxht.dat -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\TWUNK_32.EXE:hmjqs -> Downloader.WinShow.ak : Cleaned with backup
C:\WINDOWS\ulpec.dll:ngjgw -> Downloader.Agent.db : Cleaned with backup
C:\WINDOWS\uninst.exe:gzclq -> Downloader.Agent.al : Cleaned with backup
C:\WINDOWS\uninstIU.exe -> Trojan.Small.ev : Cleaned with backup
C:\WINDOWS\VBADDIN.INI:fcmbh -> Downloader.Agent.ap : Cleaned with backup
C:\WINDOWS\ymodpt.dat -> Downloader.Agent.al : Cleaned with backup


::Report End




Hijack This


Logfile of HijackThis v1.99.1
Scan saved at 1:38:29 AM, on 1/8/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\program files\valve\steam\steam.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Mediacom Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = https=sas.r21.mchsi.com:8000
N3 - Netscape 7: user_pref("browser.startup.homepage", "www.google.com"); (C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Profiles\default\0gbhy1fx.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Profiles\default\0gbhy1fx.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.mchsi.com
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potc_x.cab
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop...cpConnCheck.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1104611015593
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe

Thanks a lot Ken,

Brian
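
Most of the entries in that ewido report have the form host:stream (NOTEPAD.EXE:cpgve, Prairie Wind.bmp:fpmxu, Q817287.log:dvcqf). Those are NTFS alternate data streams: the payload is tucked into a legitimate file's extra stream, so the host file keeps its normal size in Explorer and "Cleaned with backup" removes the stream while leaving the host (NOTEPAD.EXE, the wallpaper bitmaps, the hotfix logs) in place. The following triage script is an added example, not part of the thread and not ewido's code; it assumes the report line format shown above (path -> detection : action) and treats a second colon after the drive letter as the host/stream separator. The sample lines are copied from the report posted here.

```python
"""Triage an ewido-style cleaning report for NTFS alternate data streams (ADS).

Added example, not part of the thread and not ewido's own code. Assumptions:
each line reads "path -> detection : action", and a colon after the drive
letter's colon separates a host file from an ADS stream name.
"""
import re
from collections import Counter

# Constructed sample: lines taken from the ewido report posted above.
SAMPLE_REPORT = "\n".join([
    r"C:\WINDOWS\mswk.dll -> Downloader.Agent.bq : Cleaned with backup",
    r"C:\WINDOWS\NOTEPAD.EXE:cpgve -> Downloader.Agent.ap : Cleaned with backup",
    r"C:\WINDOWS\Prairie Wind.bmp:fpmxu -> Downloader.Agent.ap : Cleaned with backup",
    r"C:\WINDOWS\Prairie Wind.bmp:wvsrq -> Downloader.Agent.bq : Cleaned with backup",
    r"C:\WINDOWS\n_ifpuod.dat:hrafc -> Downloader.Agent.cd : Cleaned with backup",
    r"C:\WINDOWS\n_ifpuod.dat -> Downloader.Agent.bq : Cleaned with backup",
    r"C:\WINDOWS\SYSTEM32\intell32.exe -> Spyware.PSGuard : Cleaned with backup",
    r"C:\WINDOWS\SYSTEM32\st3.dll -> Downloader.Delf.h : Cleaned with backup",
    r"C:\WINDOWS\SYSTEM32\vmlib.exe -> Trojan.LowZones.cu : Cleaned with backup",
    r"C:\WINDOWS\Q328213.log:rzpbt ->",   # truncated line, exactly as in the post
])

LINE_RE = re.compile(r"^(?P<path>.+?) -> (?P<detection>\S+) : (?P<action>.+)$")
# After the drive-letter colon, a further colon splits host file from stream name.
ADS_RE = re.compile(r"^(?P<host>[A-Za-z]:\\[^:]*):(?P<stream>[^:\\]+)$")


def parse_report(text):
    """Return one dict per well-formed line; truncated or blank lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        path = m.group("path")
        ads = ADS_RE.match(path)
        entries.append({
            "path": path,
            "host": ads.group("host") if ads else path,
            "stream": ads.group("stream") if ads else None,
            "detection": m.group("detection"),
            "action": m.group("action"),
        })
    return entries


def ads_hosts(entries):
    """Map each legitimate-looking host file to the stream names found on it."""
    hosts = {}
    for e in entries:
        if e["stream"] is not None:
            hosts.setdefault(e["host"], []).append(e["stream"])
    return hosts


def family_counts(entries):
    """Count detections by family, i.e. the first two dotted components."""
    return Counter(".".join(e["detection"].split(".")[:2]) for e in entries)


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    print(f"{len(found)} entries, by family: {dict(family_counts(found))}")
    for host, streams in sorted(ads_hosts(found).items()):
        print(f"ADS on {host}: {', '.join(streams)}")
```

The point of the host list is the follow-up check: a cleaned ADS leaves the host file behind, so NOTEPAD.EXE and the bitmaps should be verified as the stock files rather than deleted. Windows XP has no built-in way to list streams (the `dir /r` switch only arrived with Vista); Sysinternals Streams is the usual tool for confirming nothing was re-added.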

#7 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 08 January 2006 - 08:12 AM

Good morning Brian, :D

Your log is looking much better, but we're not out of the woods yet. The lines in HJT and the files you couldn't find were cleaned with Ewido, so not to worry.

I would like you to download Pocket Killbox to your desktop, highlight all the files with their entire paths that I have in the quote box, right click on the highlighted files and click on Copy. Then in Killbox you're going to paste the entire thing in where it says Full Path of File to Delete.

C:\WINDOWS\javaqv.exe
C:\WINDOWS\SYSTEM32\coca.exe
C:\WINDOWS\system32\st3.dll
C:\WINDOWS\SYSTEM32\__delete_on_reboot__st3.dll
C:\WINDOWS\SYSTEM32\oleext32.dll





Download Pocket Killbox

* Open Pocket Killbox
* Copy and paste this entire path into Full Path of File to Delete
* Set it to Delete on Reboot
* Tick the box that says End Explorer shell while killing file
* Click on the Red circle with the white X
* It will ask you to confirm the deletion...Say yes
* It will ask you to reboot, say yes


Reboot back into Safemode and make sure these files are gone; if not, delete them.

C:\WINDOWS\javaqv.exe
C:\WINDOWS\SYSTEM32\coca.exe
C:\WINDOWS\system32\st3.dll
C:\WINDOWS\SYSTEM32\__delete_on_reboot__st3.dll
C:\WINDOWS\SYSTEM32\oleext32.dll

While in Safemode, run HJT Scan Only and remove this entry.
O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll (file missing)


Let's clean out all your Temp files manually and all your Internet Temporary Files.
This will be more effective in Safemode.


* Go to My Computer/ C: Drive/ Documents and Settings/ Every User on this computer/ Local Settings
and delete all the contents of the Temp Folder

* Go to My Computer/ C:/ Windows/ Temp and delete all the contents of the Temp Folder

* Go to My Computer/ C:/ Windows/ Prefetch and remove all the contents of the Prefetch Folder.
But not the Prefetch folder itself.

NOW RE-BOOT NORMALLY


* Open INTERNET EXPLORER
* Click on the TOOLS MENU
* Then INTERNET OPTIONS
* At the GENERAL TAB (which should be the first tab you are currently on),
* click on the DELETE FILES BUTTON and put a checkmark in DELETE ALL OFFLINE CONTENT.
* Then press the OK BUTTON . This may take quite a while, so do not be alarmed with how long it takes.
* When it is done, your Temporary Internet Files will now be deleted.

Now Empty your Recycle Bin

Post back with a new HJT log please.

Edited by ken545, 08 January 2006 - 08:16 AM.


 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.
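
Why "Set it to Delete on Reboot" is needed for st3.dll: the O20 entry means winlogon.exe loads that DLL at boot, so while Windows is running the file is in use and a normal delete fails. Delete-on-reboot tools queue the path in the Session Manager's PendingFileRenameOperations value (REG_MULTI_SZ under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager), and smss.exe carries the deletions out at the next boot before winlogon ever starts. The block below is an added example, not the thread's or Pocket Killbox's code; that Killbox goes through MoveFileEx with MOVEFILE_DELAY_UNTIL_REBOOT is an assumption about the tool, but the value layout (source/destination string pairs, empty destination meaning delete, `\??\` NT-path prefix, `!` on a destination meaning overwrite) is the one Windows uses. The five paths are the ones listed in this post.

```python
r"""Build and read a PendingFileRenameOperations value (REG_MULTI_SZ under
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager).

Added example, not the thread's or Pocket Killbox's code. Assumption: Killbox
queues files the usual way, MoveFileEx(..., MOVEFILE_DELAY_UNTIL_REBOOT), which
appends to this value; smss.exe processes it at the next boot.
"""

NT_PREFIX = "\\??\\"   # sources are stored as NT object-manager paths, e.g. \??\C:\x

# Constructed input: the five paths from the post above.
TO_DELETE = [
    r"C:\WINDOWS\javaqv.exe",
    r"C:\WINDOWS\SYSTEM32\coca.exe",
    r"C:\WINDOWS\system32\st3.dll",
    r"C:\WINDOWS\SYSTEM32\__delete_on_reboot__st3.dll",
    r"C:\WINDOWS\SYSTEM32\oleext32.dll",
]


def build_pending_ops(deletions, renames=()):
    """Flat string list of (source, destination) pairs; empty destination = delete."""
    ops = []
    for path in deletions:
        ops += [NT_PREFIX + path, ""]
    for src, dst in renames:
        ops += [NT_PREFIX + src, "!" + NT_PREFIX + dst]   # '!' = replace if present
    return ops


def encode_multi_sz(strings):
    """REG_MULTI_SZ on disk: every string NUL-terminated, UTF-16LE, plus a final NUL."""
    return ("".join(s + "\x00" for s in strings) + "\x00").encode("utf-16-le")


def decode_multi_sz(data):
    """Inverse of encode_multi_sz. Empty strings inside the list are kept, because
    this value (unlike a normal REG_MULTI_SZ) relies on them to mean 'delete'."""
    text = data.decode("utf-16-le")
    if text.endswith("\x00"):
        text = text[:-1]                # drop the list terminator
    if not text:
        return []
    parts = text.split("\x00")
    if parts[-1] == "":
        parts.pop()                     # left over from the last string's own NUL
    return parts


def _strip_nt(path):
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path


def pending_operations(strings):
    """Group the flat list into (kind, source, destination) triples."""
    if len(strings) % 2:
        raise ValueError("value must hold source/destination pairs")
    ops = []
    for src, dst in zip(strings[::2], strings[1::2]):
        if dst == "":
            ops.append(("delete", _strip_nt(src), None))
        else:
            kind = "rename-overwrite" if dst.startswith("!") else "rename"
            ops.append((kind, _strip_nt(src), _strip_nt(dst.lstrip("!"))))
    return ops


if __name__ == "__main__":
    blob = encode_multi_sz(build_pending_ops(TO_DELETE))
    print(f"{len(blob)} bytes queued:")
    for kind, src, dst in pending_operations(decode_multi_sz(blob)):
        print(f"  {kind:16} {src}" + (f" -> {dst}" if dst else ""))
```

To see what a machine currently has queued, read the value with `reg query "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager" /v PendingFileRenameOperations` and feed the strings to pending_operations. The same mechanism is used by malware to remove security tools at the next boot, so an entry you did not put there is worth a look before rebooting.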

#8 caffeinated

caffeinated

    Authentic Member

  • Authentic Member
  • PipPip
  • 20 posts

Posted 08 January 2006 - 01:29 PM

Here is my new log Ken


Logfile of HijackThis v1.99.1
Scan saved at 1:24:50 PM, on 1/8/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\program files\valve\steam\steam.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Mediacom Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = https=sas.r21.mchsi.com:8000
N3 - Netscape 7: user_pref("browser.startup.homepage", "www.google.com"); (C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Profiles\default\0gbhy1fx.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Profiles\default\0gbhy1fx.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.mchsi.com
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potc_x.cab
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop...cpConnCheck.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1104611015593
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe

#9 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 08 January 2006 - 02:03 PM

Brian,

Run Killbox in Safemode, do it the same way as you did before and enter this path, but don't reboot yet when it asks you.
C:\WINDOWS\system32\st3.dll



Now while in Safemode run HJT Scan Only and remove this line
O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll (file missing)


Reboot normally.

Run HJT Scan Only again and see if this line is present. If it's gone, then post a new HJT log; if it's still there, then proceed with the instructions below.
O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll (file missing)





Run Hijack This!


Click the "Open the Misc Tools section" button.

Click the "Open process manager" button.

Check the "Show DLLs" box (upper right).

Click on st3.dll in the upper window, then look in the lower window.

Check to see which processes are using st3.dll

Please post back with the results.

Ken :D

Edited by ken545, 08 January 2006 - 02:21 PM.


 
 

#10 caffeinated

caffeinated

    Authentic Member

  • Authentic Member
  • PipPip
  • 20 posts

Posted 08 January 2006 - 02:43 PM

Sorry Ken, I dropped the ball and forgot that in the last step. :huh:

Here is the new log.

Thanks,

Brian


Logfile of HijackThis v1.99.1
Scan saved at 2:39:49 PM, on 1/8/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\program files\valve\steam\steam.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Mediacom Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = https=sas.r21.mchsi.com:8000
N3 - Netscape 7: user_pref("browser.startup.homepage", "www.google.com"); (C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Profiles\default\0gbhy1fx.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Brian Hanson\Application Data\Mozilla\Profiles\default\0gbhy1fx.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.mchsi.com
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potc_x.cab
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop...cpConnCheck.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1104611015593
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
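
The difference between this log and the previous one is a single line: the O20 Winlogon Notify entry is gone. The script below is an added example, not HijackThis's code, showing how to do that comparison mechanically and why a "(file missing)" O20 line matters: the DLL was already deleted, but the subkey under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\<name> still asked winlogon to load it at every boot, so anything that re-created st3.dll would have regained execution without a new autorun entry. The two log excerpts are constructed from the logs posted in this thread; the entry-code pattern is this example's own assumption about the HJT format.

```python
"""Diff two HijackThis logs and flag dangling O20 Winlogon Notify entries.

Added example, not HijackThis's own code. Assumes HJT's line layout:
"<code> - <body>" for entries (R0..R3, F0..F3, N1..N4, O1..O24) and a
"Running processes:" block of bare paths.
"""
import re

ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<name>\S+) - (?P<dll>.+?)(?P<missing> \(file missing\))?$")
WINLOGON_NOTIFY_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"

# Constructed excerpts of the two logs posted above (before and after the Killbox run).
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = https=sas.r21.mchsi.com:8000
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
"""

LOG_AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = https=sas.r21.mchsi.com:8000
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
"""


def parse_hjt(text):
    """Return {'processes': [paths], 'entries': {(code, body), ...}}."""
    processes, entries, in_procs = [], set(), False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.add((m.group("code"), m.group("body")))
        elif in_procs and line:
            processes.append(line)
    return {"processes": processes, "entries": entries}


def diff_logs(before, after):
    """(added, removed) entry lists between two logs, ignoring process order."""
    b, a = parse_hjt(before)["entries"], parse_hjt(after)["entries"]
    return sorted(a - b), sorted(b - a)


def dangling_winlogon_notify(text):
    """O20 entries whose DLL is missing: the Notify subkey is still in the registry."""
    found = []
    for code, body in parse_hjt(text)["entries"]:
        if code != "O20":
            continue
        m = NOTIFY_RE.match(body)
        if m and m.group("missing"):
            found.append({"name": m.group("name"), "dll": m.group("dll"),
                          "key": WINLOGON_NOTIFY_KEY + "\\" + m.group("name")})
    return found


if __name__ == "__main__":
    added, removed = diff_logs(LOG_BEFORE, LOG_AFTER)
    print("added:", added)
    print("removed:", removed)
    for d in dangling_winlogon_notify(LOG_BEFORE):
        print(f"dangling Notify package {d['name']}: {d['dll']} -> clear {d['key']}")
```

Removing the HJT line deletes that Notify subkey, which is what finally made the entry disappear here. The "Show DLLs" check in the previous post is the complementary test: if the file had still been present, it would have shown up loaded inside winlogon.exe, and nothing short of delete-on-reboot would have removed it.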

#11 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 08 January 2006 - 04:21 PM

Brian,

Your log looks OK. :thumbup: How is your system running now? If you're still experiencing any issues, we can run a different scan.



If you play games at Gamespot, you can keep this; otherwise fix it with HJT.
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab



Your Java is out of date and it is leaving your system vulnerable. You can get the updates from Sun Microsystems HERE
Scroll to the middle of the page and Download JRE 5.0 Update 6
After it is installed, you can VERIFY the installation.



You also need to update Windows with Service Pack 2; there are also updates beyond SP2 that you need to install, which will help keep you more secure. This is what you want to do to get a successful install.

1. Have a Clean System <-- You are clean now
2. Run the Windows Disk Defragger <-- This will make your system nice and tidy to accept the install.
3. Disable your Anti-Virus Software <-- You can choose ONE free program to install after you do the updates.

** Go to Start> All Programs> Windows Updates and go for it. Do not install any driver files, just SP2 and any critical updates.


Here are some free programs and tips for keeping your system up to date, and to help keep all the riff raff out of your system. Be sure to follow the instructions for System Restore and for Windows updates after you have them installed. The instructions for Disk Defragger are towards the bottom of my tips.

* Download and Install CCleaner. Click on RUN TOOL; when you run the Issues Scan and it asks
you to back up the registry, say Yes.

Now that you're clean, we need to erase all possible older infected files that may still be lurking on your system.
* Clean out your TEMP FILES
* This procedure should be run from SAFEMODE for better results.

To Enter SAFEMODE

* Go to START/ SHUT OFF YOUR COMPUTER/ RESTART
* As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly, this will bring up a menu.
* Use the UP AND DOWN ARROW KEYS to scroll up to SAFEMODE
* Then press the ENTER KEY ON YOUR KEYBOARD

* Go to My Computer/ C: Drive/ Documents and Settings/ Local Settings/ Every User on this Computer
and delete all the contents of the Temp Folder

* Go to My Computer/ C:/ Windows/ Temp and delete all the contents of the Temp Folder

* Go to My Computer/ C:/ Windows/ Prefetch and remove all the contents of the Prefetch Folder.
But not the Prefetch folder itself.

NOW RE-BOOT NORMALLY


* Open INTERNET EXPLORER
* Click on the TOOLS MENU
* Then INTERNET OPTIONS
* At the GENERAL TAB (which should be the first tab you are currently on),
* click on the DELETE FILES BUTTON and put a checkmark in DELETE ALL OFFLINE CONTENT.
* Then press the OK BUTTON . This may take quite a while, so do not be alarmed with how long it takes.
* When it is done, your Temporary Internet Files will now be deleted.

Now Empty your Recycle Bin

System Restore makes regular backups of all your settings, if you ever had to use this program to restore your
system to a previous date, you will be infected all over again so we need to clean out the previous Restore Points

Turn off System Restore.

* Right-click My Computer.
* Click Properties.
* Click the System Restore tab.
* Check Turn off System Restore on all Drives.
* Click Apply, and then click OK.

Reboot your System

Turn ON System Restore.

* Right-click My Computer.
* Click Properties.
* Click the System Restore tab.
* UN-Check Turn off System Restore on all Drives.
* Click Apply, and then click OK.

* Go to Start/ Control Panel/ Performance and Maintenance/ System Restore/ Create a New Restore Point
You can name the restore point anything you like, something that you can remember

* Make sure that your ANTI-VIRUS SOFTWARE is up to date and run a full scan at least once a week.

* Here are Free Anti-Virus Programs if you need one

AVG Free Edition
AntiVir Personal Edition


* Spybot Search and Destroy 1.4
Check for Updates/ Immunize and run a Full System Scan on a regular basis.

* Ad-Aware SE Personal 1.06
Check for Updates and run a Full System Scan on a regular basis.

* Spyware Blaster It will prevent most spyware from ever being installed.

* Spyware Guard It offers realtime protection from spyware installation attempts.

* Win Patrol This program will warn you when any changes are being made to your system and
give you the option to deny the change.

* IE-Spyad IE-Spyad places over 4000 web sites and domains in the IE Restricted list, which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc.) from the sites listed, although you will still be able to connect to the sites.

* Firefox Browser
It has more features and is a lot more secure than IE. It is a very easy and painless download and install; it will in no way interfere with IE, you can use them both. When it asks you if you want it to be your default browser, say NO and take the checkmark out of the box to ask you again. After you use this for a while, you will want to make it your default.

* Thunderbird Mail Their companion mail program was highly favored in PCWorld Magazine;
it has a good spam filter and is more secure than Outlook Express.

* Zone Alarm Here is a free Firewall from Zone Labs, I wouldn't
access the internet without it.

* WINDOWS UPDATES - Enable Automatic Updates
Right click on MY COMPUTER/Click on PROPERTIES/ AUTOMATIC UPDATES and put a mark in the radio button
DOWNLOAD UPDATES FOR ME BUT LET ME CHOOSE WHEN TO INSTALL THEM.

* Go to START/ CONTROL PANEL> PERFORMANCE AND MAINTENANCE> REARRANGE ITEMS ON YOUR HARD DISK TO MAKE PROGRAMS RUN FASTER
This is the Windows Disk Defragger; run this maybe once or twice a month to keep your system running well. The first time you run it, it may take a while.

So unless you have any other issues, thanks for using Tom Coyote

Ken :D

 
 

#12 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 23 January 2006 - 04:05 PM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php

 
 
