Help on log.


18 replies to this topic

#1 Claudio778 (New Member, Authentic Member, 10 posts)

Posted 22 April 2006 - 05:21 AM

Here is the log:
Logfile of HijackThis v1.99.1
Scan saved at 07:52:56, on 22/4/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
C:\WINDOWS\system\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\WINDOWS\System32\devldr32.exe
C:\Documents and Settings\Cláudio.MICROSOF-6UJ69T\Desktop\HijackThis.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R3 - URLSearchHook: (no name) - {959D0AF2-0A78-9C53-1890-4CB4D6803EAC} - WhatsNewBot.dll (file missing)
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,C:\WINDOWS\system\lsass.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Microsoft Configuration - {40205287-E793-41AC-B95C-D8D064BA33CA} - C:\WINDOWS\system32\mscfg.dll
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Windows Explorer] C:\WINDOWS\System32\explorer.exe
O4 - HKLM\..\Run: [Microsoft ® Windows Network Security Service] C:\WINDOWS\system\lsass.exe
O4 - HKLM\..\Run: [KAV50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe" -run -n PersonalPro -v 5.0.0.0
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\1.1.454.29157\GoogleUpdater.exe
O4 - Global Startup: Local Area Connection.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsear...html?p=ZSzeb012
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQ\ICQLite\icq5\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQ\ICQLite\icq5\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Scan and protect your PC - {BF69DF00-4734-477F-8257-27CD04F88779} - C:\Program Files\UnSpyPC\UnSpyPC.exe (HKCU)
O9 - Extra 'Tools' menuitem: Scan and protect your PC - {BF69DF00-4734-477F-8257-27CD04F88779} - C:\Program Files\UnSpyPC\UnSpyPC.exe (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} -
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - https://www-secure.s...trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - https://www-secure.s...trl/tgctlsr.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.v...Players_Network
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....015/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -
O16 - DPF: {0EDE3059-2BF8-49C5-8640-4694550C444E} (IACache Class) - http://www.lotrdvd.c...E/lotrttt_e.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} (IEPlayInterface Class) - http://www.lotrdvd.c...ds/iaieplay.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} -
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish....fishActivia.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1128207575928
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1120250607314
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) -
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsec...GbPluginABN.cab
O16 - DPF: {E56347B0-6C2B-4C2E-939F-EE513EAC80BC} (Creative Product Registration ActiveX Control Module) - http://www.creative....ClientNoMFC.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} -
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15016/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A99CF37-3780-4E65-92B5-0CEF740BD165}: NameServer = 85.255.113.148,85.255.112.203
O17 - HKLM\System\CCS\Services\Tcpip\..\{61B276ED-6BEC-4282-816E-497B21EBA4D7}: NameServer = 85.255.113.148,85.255.112.203
O17 - HKLM\System\CCS\Services\Tcpip\..\{90AAE9D4-FE71-456C-AE1F-26D7DA072D55}: NameServer = 85.255.113.148,85.255.112.203
O17 - HKLM\System\CCS\Services\Tcpip\..\{E0D6910E-220D-4321-A327-BF4F215A6891}: NameServer = 85.255.113.148 85.255.112.203
O17 - HKLM\System\CS1\Services\Tcpip\..\{3A99CF37-3780-4E65-92B5-0CEF740BD165}: NameServer = 85.255.113.148,85.255.112.203
O17 - HKLM\System\CS2\Services\Tcpip\..\{3A99CF37-3780-4E65-92B5-0CEF740BD165}: NameServer = 85.255.113.148,85.255.112.203
O17 - HKLM\System\CS3\Services\Tcpip\..\{3A99CF37-3780-4E65-92B5-0CEF740BD165}: NameServer = 85.255.113.148,85.255.112.203
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ldr64 - C:\WINDOWS\SYSTEM32\ldr64.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Dcom Helper (DcmHlp) - Unknown owner - C:\WINDOWS\dcmhelp.exe (file missing)
O23 - Service: KLBLMain - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Windows Network Security Service (lsass) - Unknown owner - C:\WINDOWS\system\lsass.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe


Waiting for help. Thanks.
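The log above carries the classic red flags a helper reads out of a HijackThis report: lsass.exe launched from \WINDOWS\system instead of System32 (and appended to the F2 UserInit line), explorer.exe from System32, every adapter's O17 NameServer pinned to the same pair of resolvers, an O20 Winlogon Notify DLL (ldr64) outside the stock XP set, and O23 services with an unknown owner or a missing file. As an added example (written for this edit, not code from the thread or from HijackThis), the script below turns those checks into Python rules and runs them over a subset of lines copied from this post; the expected-directory table and the Winlogon Notify baseline are assumptions for a default Windows XP install under C:\WINDOWS.

```python
"""Triage checks for a HijackThis v1.99 log (added example, not code from the thread)."""
import re
from collections import Counter

# Sample lines copied from the log in the first post (a subset, for the demo).
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,C:\WINDOWS\system\lsass.exe
O4 - HKLM\..\Run: [Windows Explorer] C:\WINDOWS\System32\explorer.exe
O4 - HKLM\..\Run: [Microsoft ® Windows Network Security Service] C:\WINDOWS\system\lsass.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A99CF37-3780-4E65-92B5-0CEF740BD165}: NameServer = 85.255.113.148,85.255.112.203
O17 - HKLM\System\CCS\Services\Tcpip\..\{E0D6910E-220D-4321-A327-BF4F215A6891}: NameServer = 85.255.113.148 85.255.112.203
O20 - Winlogon Notify: ldr64 - C:\WINDOWS\SYSTEM32\ldr64.dll
O23 - Service: Dcom Helper (DcmHlp) - Unknown owner - C:\WINDOWS\dcmhelp.exe (file missing)
O23 - Service: KLBLMain - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
O23 - Service: Windows Network Security Service (lsass) - Unknown owner - C:\WINDOWS\system\lsass.exe
"""

# Assumption: default Windows XP install under C:\WINDOWS, as in the log.
# Where each genuine binary lives; the same file name anywhere else is a red flag.
EXPECTED_DIR = {
    "lsass.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Assumed baseline of Winlogon Notify packages on a stock XP box; anything else
# (third-party or malware) is surfaced for the reviewer to judge.
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon"}

PATH_RE = re.compile(r"([a-z]:\\.+?\.(?:exe|dll|ocx))\b", re.IGNORECASE)


def split_paths(text):
    """Return every drive-letter path to an .exe/.dll/.ocx mentioned in text."""
    return PATH_RE.findall(text)


def misplaced_system_binary(path):
    """True when a well-known system binary is run from a directory it does not live in."""
    directory, _, name = path.lower().rpartition("\\")
    expected = EXPECTED_DIR.get(name)
    return expected is not None and directory != expected


def check_line(line):
    """Return (rule, detail) findings for one HijackThis line."""
    findings = []
    tag = line.split(" - ", 1)[0]
    paths = split_paths(line)
    if tag == "F2" and "UserInit=" in line:
        entries = [e.strip() for e in line.split("UserInit=", 1)[1].split(",")]
        extra = [e for e in entries if not e.lower().endswith("\\userinit.exe")]
        if extra:  # anything besides userinit.exe is launched at every logon
            findings.append(("F2-userinit-extra", ";".join(extra)))
    if tag == "O17" and "NameServer =" in line:
        raw = line.split("NameServer =", 1)[1].strip()
        # one entry in the log separates the two resolvers with a space, not a comma
        findings.append(("O17-nameserver", tuple(re.split(r"[,\s]+", raw))))
    if tag == "O20":
        m = re.search(r"Winlogon Notify: (\S+) - ", line)
        if m and m.group(1).lower() not in KNOWN_NOTIFY:
            findings.append(("O20-unknown-notify", m.group(1)))
    if tag == "O23" and ("Unknown owner" in line or "(file missing)" in line):
        findings.append(("O23-untrusted-service", paths[0] if paths else line))
    for p in paths:
        if misplaced_system_binary(p):
            findings.append(("misplaced-system-binary", p))
    return findings


def triage(log_text):
    """Run check_line over a whole log and count adapters sharing one resolver set."""
    findings = []
    resolver_sets = Counter()
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        for rule, detail in check_line(line):
            findings.append((rule, detail))
            if rule == "O17-nameserver":
                resolver_sets[detail] += 1
    return {"findings": findings, "resolver_sets": resolver_sets}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for rule, detail in result["findings"]:
        print(f"{rule:24} {detail}")
    for servers, n in result["resolver_sets"].items():
        print(f"{n} adapter entries pinned to {', '.join(servers)}")
```

Feeding the full log in (including the "Running processes" section) also flags the C:\WINDOWS\system\lsass.exe process, since the path check does not depend on a section tag.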



#2 Claudio778 (New Member, Authentic Member, 10 posts)

Posted 22 April 2006 - 11:20 AM

I updated Kaspersky, but it terminated, shutting down Windows. These are some lines of the log:

Memory object winlogon.exe\ldr64.dll Infected with a virus Trojan-Downloader.Win32.Bagle.ak
C:\WINDOWS\dcmhelp.exe Is a backdoor trojan Backdoor.Win32.SdBot.xd
C:\WINDOWS\System32\explorer.exe Is a backdoor trojan Backdoor.Win32.PoeBot.c
Startup object HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run [Windows Explorer=C:\WINDOWS\System32\explorer.exe] Could not be disinfected
C:\WINDOWS\DCMHELP.EXE Is a backdoor trojan Backdoor.Win32.SdBot.xd

What should I do?

#3 LDTate (Grand Poobah, Root Admin, 57,211 posts)

Posted 22 April 2006 - 11:31 AM

Hello Claudio778, welcome to the TC Forum.

Download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files; click YES.
  • Once you click Yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shut down your computer; click OK.
  • Turn your computer back on.

Please download the trial version of ewido anti-malware 3.5 here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer.
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear.
4) Select the first option, to run Windows in Safe Mode.

Then please run Ewido, click on the Scanner, run a full scan and let it clean everything it finds. Save the logfile from the scan.

While still in Safe Mode:

Open C:\Windows\Prefetch\ and delete ALL files in this folder.

Do this also if these Temp folders are part of your OS.

Also in Safe Mode, navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All, then Edit > Delete to delete the entire contents of the Temp folder.

Next navigate to the C:\Documents and Settings\(EVERY LISTED PROFILE USER)\Local Settings\Temp folder. Open the Temp folder and go to Edit > Select All, then Edit > Delete to delete the entire contents of the Temp folder.

Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab, then click the "Reset Web Settings" button. Click Apply.

Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.


#4 Claudio778 (New Member, Authentic Member, 10 posts)

Posted 22 April 2006 - 04:49 PM

After a few hours, Ewido and HijackThis came back with these logs.
What are the next steps?

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 19:24:42, 4/22/2006
+ Report-Checksum: 5ED4BB89

+ Scan result:

:mozilla.528:C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Application Data\Mozilla\Firefox\Profiles\ymub85sy.default\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup
:mozilla.534:C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Application Data\Mozilla\Firefox\Profiles\ymub85sy.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.551:C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Application Data\Mozilla\Firefox\Profiles\ymub85sy.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.557:C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Application Data\Mozilla\Firefox\Profiles\ymub85sy.default\cookies.txt -> TrackingCookie.Trafic : Cleaned with backup
:mozilla.564:C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Application Data\Mozilla\Firefox\Profiles\ymub85sy.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.574:C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Application Data\Mozilla\Firefox\Profiles\ymub85sy.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.581:C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Application Data\Mozilla\Firefox\Profiles\ymub85sy.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.583:C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Application Data\Mozilla\Firefox\Profiles\ymub85sy.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.584:C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Application Data\Mozilla\Firefox\Profiles\ymub85sy.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.593:C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Application Data\Mozilla\Firefox\Profiles\ymub85sy.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.609:C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Application Data\Mozilla\Firefox\Profiles\ymub85sy.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.610:C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Application Data\Mozilla\Firefox\Profiles\ymub85sy.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.611:C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Application Data\Mozilla\Firefox\Profiles\ymub85sy.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.613:C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Application Data\Mozilla\Firefox\Profiles\ymub85sy.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.623:C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Application Data\Mozilla\Firefox\Profiles\ymub85sy.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.629:C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Application Data\Mozilla\Firefox\Profiles\ymub85sy.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.630:C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Application Data\Mozilla\Firefox\Profiles\ymub85sy.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.631:C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Application Data\Mozilla\Firefox\Profiles\ymub85sy.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.632:C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Application Data\Mozilla\Firefox\Profiles\ymub85sy.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.633:C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Application Data\Mozilla\Firefox\Profiles\ymub85sy.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.639:C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Application Data\Mozilla\Firefox\Profiles\ymub85sy.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned with backup
:mozilla.646:C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Application Data\Mozilla\Firefox\Profiles\ymub85sy.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.668:C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Application Data\Mozilla\Firefox\Profiles\ymub85sy.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.669:C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Application Data\Mozilla\Firefox\Profiles\ymub85sy.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.676:C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Application Data\Mozilla\Firefox\Profiles\ymub85sy.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.724:C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Application Data\Mozilla\Firefox\Profiles\ymub85sy.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned with backup
:mozilla.727:C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Application Data\Mozilla\Firefox\Profiles\ymub85sy.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.731:C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Application Data\Mozilla\Firefox\Profiles\ymub85sy.default\cookies.txt -> TrackingCookie.Incredifind : Cleaned with backup
:mozilla.735:C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Application Data\Mozilla\Firefox\Profiles\ymub85sy.default\cookies.txt -> TrackingCookie.Ivwbox : Cleaned with backup
:mozilla.739:C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Application Data\Mozilla\Firefox\Profiles\ymub85sy.default\cookies.txt -> TrackingCookie.Incredifind : Cleaned with backup
:mozilla.743:C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Application Data\Mozilla\Firefox\Profiles\ymub85sy.default\cookies.txt -> TrackingCookie.Incredifind : Cleaned with backup
:mozilla.776:C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Application Data\Mozilla\Firefox\Profiles\ymub85sy.default\cookies.txt -> TrackingCookie.Euniverseads : Cleaned with backup
:mozilla.780:C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Application Data\Mozilla\Firefox\Profiles\ymub85sy.default\cookies.txt -> TrackingCookie.Estat : Cleaned with backup
:mozilla.782:C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Application Data\Mozilla\Firefox\Profiles\ymub85sy.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.784:C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Application Data\Mozilla\Firefox\Profiles\ymub85sy.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.785:C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Application Data\Mozilla\Firefox\Profiles\ymub85sy.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.786:C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Application Data\Mozilla\Firefox\Profiles\ymub85sy.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.789:C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Application Data\Mozilla\Firefox\Profiles\ymub85sy.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.790:C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Application Data\Mozilla\Firefox\Profiles\ymub85sy.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.792:C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Application Data\Mozilla\Firefox\Profiles\ymub85sy.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.793:C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Application Data\Mozilla\Firefox\Profiles\ymub85sy.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.794:C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Application Data\Mozilla\Firefox\Profiles\ymub85sy.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.802:C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Application Data\Mozilla\Firefox\Profiles\ymub85sy.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.803:C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Application Data\Mozilla\Firefox\Profiles\ymub85sy.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.804:C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Application Data\Mozilla\Firefox\Profiles\ymub85sy.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.805:C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Application Data\Mozilla\Firefox\Profiles\ymub85sy.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.811:C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Application Data\Mozilla\Firefox\Profiles\ymub85sy.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.812:C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Application Data\Mozilla\Firefox\Profiles\ymub85sy.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.829:C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Application Data\Mozilla\Firefox\Profiles\ymub85sy.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.845:C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Application Data\Mozilla\Firefox\Profiles\ymub85sy.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup
:mozilla.864:C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Application Data\Mozilla\Firefox\Profiles\ymub85sy.default\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup
:mozilla.866:C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Application Data\Mozilla\Firefox\Profiles\ymub85sy.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.876:C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Application Data\Mozilla\Firefox\Profiles\ymub85sy.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.881:C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Application Data\Mozilla\Firefox\Profiles\ymub85sy.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.882:C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Application Data\Mozilla\Firefox\Profiles\ymub85sy.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.883:C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Application Data\Mozilla\Firefox\Profiles\ymub85sy.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.891:C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Application Data\Mozilla\Firefox\Profiles\ymub85sy.default\cookies.txt -> TrackingCookie.Specificpop : Cleaned with backup
:mozilla.892:C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Application Data\Mozilla\Firefox\Profiles\ymub85sy.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.894:C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Application Data\Mozilla\Firefox\Profiles\ymub85sy.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.895:C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Application Data\Mozilla\Firefox\Profiles\ymub85sy.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.909:C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Application Data\Mozilla\Firefox\Profiles\ymub85sy.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.910:C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Application Data\Mozilla\Firefox\Profiles\ymub85sy.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.915:C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Application Data\Mozilla\Firefox\Profiles\ymub85sy.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Cookies\gustavo@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Cookies\gustavo@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Cookies\gustavo@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Cookies\gustavo@c5.zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Cookies\gustavo@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Cookies\gustavo@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Cookies\gustavo@news.com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Cookies\gustavo@sel.as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Cookies\gustavo@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Cookies\gustavo@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Cookies\gustavo@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Local Settings\Temp\90exssd32a.exe -> Downloader.Agent.ajd : Cleaned with backup
C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Local Settings\Temp\99exssd32a.exe -> Downloader.Agent.ajd : Cleaned with backup
C:\Documents and Settings\Gustavo.MICROSOF-6UJ69T\Local Settings\Temp\Cookies\gustavo@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Program Files\Discador click21\DialUP.exe -> Heuristic.Win32.Dialer : Cleaned with backup
C:\Program Files\Discador Telefonica\ddt.exe -> Heuristic.Win32.Dialer : Cleaned with backup
C:\Program Files\Discador UOL 10.0 Light\Discador Light.exe -> Heuristic.Win32.Dialer : Cleaned with backup
C:\RECYCLER\S-1-5-21-682003330-113007714-1060284298-1003\Dc91\cláudio@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\RECYCLER\S-1-5-21-682003330-113007714-1060284298-1003\Dc91\cláudio@centrport[1].txt -> TrackingCookie.Centrport : Cleaned with backup
C:\WINDOWS\system\lsass.exe -> Proxy.874 : Cleaned with backup
C:\WINDOWS\system32\filesafer23.exe -> Hijacker.Small : Cleaned with backup
C:\WINDOWS\system32\howiper.exe -> Trojan.Small.gq : Cleaned with backup
C:\WINDOWS\system32\ldr64.dll -> Downloader.Bagle.ak : Cleaned with backup
C:\WINDOWS\system32\TFTP2360 -> Backdoor.Rbot.axx : Cleaned with backup
C:\WINDOWS\system32\TFTP3316 -> Backdoor.Rbot.axx : Cleaned with backup
C:\WINDOWS\userinit.exe -> Backdoor.SdBot.xd : Cleaned with backup
G:\My Documents\My Music\foxit pdf reader professional.zip/FoxitReaderPro1.x_readyu.rar/FoxitReaderPro_crack.exe -> Downloader.VB.ts : Cleaned with backup
G:\My Documents\Gustavo's Documents\Programs\Discadores\DIscadorYahoo! Acesso Gratis\newdialer.exe -> Heuristic.Win32.Dialer : Cleaned with backup
G:\My Documents\Gustavo's Documents\Programs\Discadores\Discador Telefonica\ddt.exe -> Heuristic.Win32.Dialer : Cleaned with backup
G:\My Documents\Gustavo's Documents\Programs\UOL-discador.exe -> Heuristic.Win32.Dialer : Cleaned with backup
H:\My Documents\Minhas Webs\neodownloader 2.02 crack.zip/neodownloader 2.02 crack.exe -> Trojan.Small : Cleaned with backup


::Report End

==============================================

Logfile of HijackThis v1.99.1
Scan saved at 19:35:44, on 22/4/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\devldr32.exe
C:\Documents and Settings\Cláudio.MICROSOF-6UJ69T\Desktop\HijackThis.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R3 - URLSearchHook: (no name) - {959D0AF2-0A78-9C53-1890-4CB4D6803EAC} - WhatsNewBot.dll (file missing)
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,C:\WINDOWS\system\lsass.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Microsoft Configuration - {40205287-E793-41AC-B95C-D8D064BA33CA} - C:\WINDOWS\system32\mscfg.dll
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Windows Explorer] C:\WINDOWS\System32\explorer.exe
O4 - HKLM\..\Run: [KAV50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe" -run -n PersonalPro -v 5.0.0.0
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\1.1.454.29157\GoogleUpdater.exe
O4 - Global Startup: Local Area Connection.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsear...html?p=ZSzeb012
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQ\ICQLite\icq5\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQ\ICQLite\icq5\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Scan and protect your PC - {BF69DF00-4734-477F-8257-27CD04F88779} - C:\Program Files\UnSpyPC\UnSpyPC.exe (HKCU)
O9 - Extra 'Tools' menuitem: Scan and protect your PC - {BF69DF00-4734-477F-8257-27CD04F88779} - C:\Program Files\UnSpyPC\UnSpyPC.exe (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} -
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - https://www-secure.s...trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - https://www-secure.s...trl/tgctlsr.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.v...MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v4/vet_install_popup.pl?1&4&04.00.09.13&unknown&unknown&http://www.sonystyle.com/is-bin/INTERSHOP.enfinity/eCS/Store/en/-/USD/SY_DisplayProductInformation-Start?ProductSKU=NWHD5RED&Dept=audio&CategoryName=pa_DigitalMusicPlayers_Network
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....015/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -
O16 - DPF: {0EDE3059-2BF8-49C5-8640-4694550C444E} (IACache Class) - http://www.lotrdvd.c...E/lotrttt_e.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} (IEPlayInterface Class) - http://www.lotrdvd.c...ds/iaieplay.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} -
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish....fishActivia.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1128207575928
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1120250607314
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) -
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsec...GbPluginABN.cab
O16 - DPF: {E56347B0-6C2B-4C2E-939F-EE513EAC80BC} (Creative Product Registration ActiveX Control Module) - http://www.creative....ClientNoMFC.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} -
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15016/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A99CF37-3780-4E65-92B5-0CEF740BD165}: NameServer = 85.255.113.148,85.255.112.203
O17 - HKLM\System\CCS\Services\Tcpip\..\{61B276ED-6BEC-4282-816E-497B21EBA4D7}: NameServer = 85.255.113.148,85.255.112.203
O17 - HKLM\System\CCS\Services\Tcpip\..\{90AAE9D4-FE71-456C-AE1F-26D7DA072D55}: NameServer = 85.255.113.148,85.255.112.203
O17 - HKLM\System\CS1\Services\Tcpip\..\{3A99CF37-3780-4E65-92B5-0CEF740BD165}: NameServer = 85.255.113.148,85.255.112.203
O17 - HKLM\System\CS2\Services\Tcpip\..\{3A99CF37-3780-4E65-92B5-0CEF740BD165}: NameServer = 85.255.113.148,85.255.112.203
O17 - HKLM\System\CS3\Services\Tcpip\..\{3A99CF37-3780-4E65-92B5-0CEF740BD165}: NameServer = 85.255.113.148,85.255.112.203
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ldr64 - ldr64.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Dcom Helper (DcmHlp) - Unknown owner - C:\WINDOWS\dcmhelp.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: KLBLMain - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Windows Network Security Service (lsass) - Unknown owner - C:\WINDOWS\system\lsass.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe
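
The log above is read by hand in the thread; as an added example that is not part of the original post, the HijackThis tool, or any reply, the script below applies the same structural checks a log reader applies by eye: a UserInit chain with more than one executable, a core Windows binary running from a directory other than its home, any NameServer override (to be verified against the ISP's DNS), a Winlogon Notify entry whose DLL is missing, and a service with no vendor. The sample log is constructed from lines copied out of the posted log plus clean counterparts; it assumes %SystemRoot% is C:\WINDOWS as in the posted platform line, and the core-binary list is illustrative rather than exhaustive.

```python
"""Structural triage of HijackThis v1.99.1 log lines (added example).

Assumptions: %SystemRoot% is C:\\WINDOWS (as in the posted log), and the
core-binary list below is illustrative, not exhaustive.
"""
import ntpath
import re

SYSTEM_ROOT = r"c:\windows"

# Core binaries and the only directory each legitimately runs from.
EXPECTED_DIR = {name: SYSTEM_ROOT + r"\system32" for name in (
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
    "lsass.exe", "svchost.exe", "userinit.exe")}
EXPECTED_DIR["explorer.exe"] = SYSTEM_ROOT

# Constructed sample: lines copied from the posted log plus clean
# counterparts, so each rule is seen both firing and staying quiet.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system\lsass.exe
C:\WINDOWS\Explorer.EXE
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,C:\WINDOWS\system\lsass.exe
O4 - HKLM\..\Run: [Windows Explorer] C:\WINDOWS\System32\explorer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A99CF37-3780-4E65-92B5-0CEF740BD165}: NameServer = 85.255.113.148,85.255.112.203
O20 - Winlogon Notify: ldr64 - ldr64.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Windows Network Security Service (lsass) - Unknown owner - C:\WINDOWS\system\lsass.exe (file missing)
O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe
"""


def masquerade(path):
    """Reason string if `path` names a core binary outside its home dir, else None."""
    p = path.strip().lower().replace("(file missing)", "").strip()
    head, base = ntpath.split(p)
    expected = EXPECTED_DIR.get(base)
    if expected and head != expected:
        return f"{base} runs from {head!r}, expected {expected!r}"
    return None


def check_line(line):
    """Apply the rules to one HijackThis line and return a list of reasons."""
    findings = []
    if line.startswith("F2 - ") and "UserInit=" in line:
        chain = [e.strip() for e in line.split("UserInit=", 1)[1].split(",") if e.strip()]
        if len(chain) > 1:
            findings.append(f"UserInit chain has {len(chain)} entries, extra: {chain[1:]}")
        findings += ["UserInit: " + r for r in map(masquerade, chain) if r]
    elif line.startswith("O4 - "):
        # Pull the executable out of '[name] "path" args' or '[name] path args'.
        m = re.search(r'"?([A-Za-z]:\\[^"]+?\.exe)', line.split("] ", 1)[-1], re.I)
        r = masquerade(m.group(1)) if m else None
        if r:
            findings.append("autorun: " + r)
    elif line.startswith("O17 - ") and "NameServer" in line:
        servers = line.split("=", 1)[1].replace(" ", "").split(",")
        findings.append("NameServer override, verify against the ISP's DNS: " + ", ".join(servers))
    elif line.startswith("O20 - ") and "(file missing)" in line:
        findings.append("Winlogon Notify DLL is missing (orphaned entry or self-deleted loader)")
    elif line.startswith("O23 - "):
        m = re.match(r"O23 - Service: (.+?) - (.+?) - (.+)$", line)
        if m:
            name, owner, path = m.groups()
            if owner == "Unknown owner":
                findings.append(f"service {name!r} has no vendor, binary {path}")
            r = masquerade(path)
            if r:
                findings.append(f"service {name!r}: " + r)
    elif re.match(r"[A-Za-z]:\\", line):
        # A bare path: one entry of the "Running processes" section.
        r = masquerade(line)
        if r:
            findings.append("process: " + r)
    return findings


def triage(log_text):
    """Return [(line, reason), ...] for every rule that fires on `log_text`."""
    return [(line.strip(), reason)
            for line in log_text.splitlines()
            for reason in check_line(line.strip())]


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"[!] {reason}\n    {line}")
```

Run against the sample it reports nine findings: the second lsass.exe under C:\WINDOWS\system (as a process, in the UserInit chain, and as the service binary), explorer.exe launched from System32, the two-entry UserInit chain, the NameServer override, the missing ldr64.dll, and the two services with no vendor. The NameServer rule deliberately fires on every override because the log alone cannot tell the ISP's resolvers from anyone else's; that check is a lookup the reader has to make.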

#5 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 22 April 2006 - 04:53 PM

Please post a new HijackThis log and turn wordwrap OFF in notepad before posting the log.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

Proud graduate of TC/WTT Classroom


#6 Claudio778

Claudio778

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 22 April 2006 - 05:19 PM

Here is the HijackThis. Sorry for the wordwrap.

Logfile of HijackThis v1.99.1
Scan saved at 19:35:44, on 22/4/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\devldr32.exe
C:\Documents and Settings\Cláudio.MICROSOF-6UJ69T\Desktop\HijackThis.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R3 - URLSearchHook: (no name) - {959D0AF2-0A78-9C53-1890-4CB4D6803EAC} - WhatsNewBot.dll (file missing)
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,C:\WINDOWS\system\lsass.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Microsoft Configuration - {40205287-E793-41AC-B95C-D8D064BA33CA} - C:\WINDOWS\system32\mscfg.dll
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Windows Explorer] C:\WINDOWS\System32\explorer.exe
O4 - HKLM\..\Run: [KAV50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe" -run -n PersonalPro -v 5.0.0.0
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\1.1.454.29157\GoogleUpdater.exe
O4 - Global Startup: Local Area Connection.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsear...html?p=ZSzeb012
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQ\ICQLite\icq5\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQ\ICQLite\icq5\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Scan and protect your PC - {BF69DF00-4734-477F-8257-27CD04F88779} - C:\Program Files\UnSpyPC\UnSpyPC.exe (HKCU)
O9 - Extra 'Tools' menuitem: Scan and protect your PC - {BF69DF00-4734-477F-8257-27CD04F88779} - C:\Program Files\UnSpyPC\UnSpyPC.exe (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} -
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - https://www-secure.s...trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - https://www-secure.s...trl/tgctlsr.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.v...Players_Network
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....015/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -
O16 - DPF: {0EDE3059-2BF8-49C5-8640-4694550C444E} (IACache Class) - http://www.lotrdvd.c...E/lotrttt_e.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} (IEPlayInterface Class) - http://www.lotrdvd.c...ds/iaieplay.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} -
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish....fishActivia.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1128207575928
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1120250607314
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) -
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsec...GbPluginABN.cab
O16 - DPF: {E56347B0-6C2B-4C2E-939F-EE513EAC80BC} (Creative Product Registration ActiveX Control Module) - http://www.creative....ClientNoMFC.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} -
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15016/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A99CF37-3780-4E65-92B5-0CEF740BD165}: NameServer = 85.255.113.148,85.255.112.203
O17 - HKLM\System\CCS\Services\Tcpip\..\{61B276ED-6BEC-4282-816E-497B21EBA4D7}: NameServer = 85.255.113.148,85.255.112.203
O17 - HKLM\System\CCS\Services\Tcpip\..\{90AAE9D4-FE71-456C-AE1F-26D7DA072D55}: NameServer = 85.255.113.148,85.255.112.203
O17 - HKLM\System\CS1\Services\Tcpip\..\{3A99CF37-3780-4E65-92B5-0CEF740BD165}: NameServer = 85.255.113.148,85.255.112.203
O17 - HKLM\System\CS2\Services\Tcpip\..\{3A99CF37-3780-4E65-92B5-0CEF740BD165}: NameServer = 85.255.113.148,85.255.112.203
O17 - HKLM\System\CS3\Services\Tcpip\..\{3A99CF37-3780-4E65-92B5-0CEF740BD165}: NameServer = 85.255.113.148,85.255.112.203
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ldr64 - ldr64.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Dcom Helper (DcmHlp) - Unknown owner - C:\WINDOWS\dcmhelp.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: KLBLMain - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Windows Network Security Service (lsass) - Unknown owner - C:\WINDOWS\system\lsass.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe

#7 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 22 April 2006 - 05:39 PM

Note this is part of the infection you have:
Trojan.Satiloler.D is a Trojan horse that attempts to steal user names, passwords, and other sensitive information from the compromised computer. It also attempts to lower security settings and open a proxy server on a random TCP port.

Do you use your PC for any financial things like paying bills online?



I suggest you do this:

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.


Please do not delete anything unless instructed to.

Use Add/Remove Programs and remove:
UnSpyPC


Run hijackthis. Hit None of the above, Click Do a System Scan Only. Put a Check in the box on the left side on these:

R3 - URLSearchHook: (no name) - {959D0AF2-0A78-9C53-1890-4CB4D6803EAC} - WhatsNewBot.dll (file missing)

F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,C:\WINDOWS\system\lsass.exe

O2 - BHO: Microsoft Configuration - {40205287-E793-41AC-B95C-D8D064BA33CA} - C:\WINDOWS\system32\mscfg.dll

O4 - HKLM\..\Run: [Windows Explorer] C:\WINDOWS\System32\explorer.exe

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: Scan and protect your PC - {BF69DF00-4734-477F-8257-27CD04F88779} - C:\Program Files\UnSpyPC\UnSpyPC.exe (HKCU)

O9 - Extra 'Tools' menuitem: Scan and protect your PC - {BF69DF00-4734-477F-8257-27CD04F88779} - C:\Program Files\UnSpyPC\UnSpyPC.exe (HKCU)

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} -

O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) -
https://components.v...Players_Network

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} -

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -

O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) -

O17 - HKLM\System\CCS\Services\Tcpip\..\{3A99CF37-3780-4E65-92B5-0CEF740BD165}: NameServer = 85.255.113.148,85.255.112.203

O17 - HKLM\System\CCS\Services\Tcpip\..\{61B276ED-6BEC-4282-816E-497B21EBA4D7}: NameServer = 85.255.113.148,85.255.112.203

O17 - HKLM\System\CCS\Services\Tcpip\..\{90AAE9D4-FE71-456C-AE1F-26D7DA072D55}: NameServer = 85.255.113.148,85.255.112.203

O17 - HKLM\System\CS1\Services\Tcpip\..\{3A99CF37-3780-4E65-92B5-0CEF740BD165}: NameServer = 85.255.113.148,85.255.112.203

O17 - HKLM\System\CS2\Services\Tcpip\..\{3A99CF37-3780-4E65-92B5-0CEF740BD165}: NameServer = 85.255.113.148,85.255.112.203

O17 - HKLM\System\CS3\Services\Tcpip\..\{3A99CF37-3780-4E65-92B5-0CEF740BD165}: NameServer = 85.255.113.148,85.255.112.203

O20 - Winlogon Notify: ldr64 - ldr64.dll (file missing)

O23 - Service: Windows Network Security Service (lsass) - Unknown owner - C:\WINDOWS\system\lsass.exe (file missing)

O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe


Close ALL windows and browsers except HijackThis and click "Fix checked"


Delete these Files if listed:
C:\WINDOWS\system\lsass.exe <--ONLY from this location
C:\WINDOWS\System32\explorer.exe <--ONLY from this location
C:\WINDOWS\system32\nvsvcd.exe


Open C:\Windows\Prefetch\ Delete ALL files in this folder.

Empty Recycle Bin

Please download FixWareout from one of these sites:
http://downloads.sub.../Fixwareout.exe
http://www.bleepingc.../Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts.
You will be asked to reboot your computer; please do so.
Your system may take longer than usual to load; this is normal.
Once the desktop loads post the text that will open (report.txt) and a new Hijackthis log.

Edited by LDTate, 22 April 2006 - 05:40 PM.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom
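The entries LDTate singles out in the post above fall into a few recognisable classes: O17 NameServer values pointing at resolvers the user never configured, O23 services and O4 Run entries that borrow a Windows system file name (lsass.exe, smss.exe, explorer.exe) but sit outside that file's real directory, bare filenames in Run keys that are resolved via PATH at logon, and O20 Winlogon Notify entries whose DLL is missing. As an added example, not part of this thread and not code from HijackThis or FixWareout, here is a small Python triage script that applies those checks to log lines copied from the logs posted in this thread. The suspect resolver range 85.255.112.0/22 and the table of system-binary home directories are assumptions made for the example; on a real machine the DNS check should compare against the ISP's or DHCP-assigned servers rather than a hard-coded list.

```python
"""Triage helper for HijackThis v1.99.1 log lines (added example)."""
import ipaddress
import re
from typing import Dict, List

# Directories where Windows XP really keeps these binaries (lower-case).
# The same name anywhere else is an impersonation, like the thread's
# C:\WINDOWS\system\lsass.exe. Assumption for this example.
SYSTEM_BINARY_HOMES = {
    "lsass.exe": {r"c:\windows\system32"},
    "smss.exe": {r"c:\windows\system32"},
    "svchost.exe": {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows"},
}

# Assumption: treat the range that contains the thread's O17 resolvers as
# suspect. Real triage compares against the ISP/DHCP resolvers instead.
SUSPECT_DNS_NETWORKS = [ipaddress.ip_network("85.255.112.0/22")]

O4_RE = re.compile(r"^O4 - HK\w+\\\.\.\\Run: \[(?P<key>[^\]]*)\] (?P<cmd>.+)$")
O17_RE = re.compile(r"^O17 - .*: NameServer = (?P<servers>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<dll>.+?)(?P<missing> \(file missing\))?$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$")


def executable_path(cmd: str) -> str:
    """Return the program part of an O4 command line (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.search(r"\.exe", cmd, re.IGNORECASE)
    return cmd[: m.end()] if m else cmd.split(" ", 1)[0]


def location_reasons(path: str) -> List[str]:
    """Why a program path looks wrong: no directory, or a system name elsewhere."""
    low = path.lower()
    if "\\" not in low:
        return [f"bare filename {path!r}: resolved via PATH at logon, no fixed location"]
    directory, name = low.rsplit("\\", 1)
    homes = SYSTEM_BINARY_HOMES.get(name)
    if homes and directory not in homes:
        return [f"{name} outside its normal directory: {path}"]
    return []


def triage_line(line: str) -> List[str]:
    """Return the reasons one HijackThis line deserves attention (empty if none)."""
    reasons: List[str] = []
    if m := O4_RE.match(line):
        reasons += location_reasons(executable_path(m["cmd"]))
    elif m := O17_RE.match(line):
        # HijackThis prints resolvers separated by commas or spaces.
        for server in re.split(r"[,\s]+", m["servers"].strip()):
            try:
                addr = ipaddress.ip_address(server)
            except ValueError:
                reasons.append(f"unparseable NameServer value {server!r}")
                continue
            if any(addr in net for net in SUSPECT_DNS_NETWORKS):
                reasons.append(f"NameServer {server} is in a suspect range (DNS hijack)")
    elif m := O20_RE.match(line):
        if m["missing"]:
            reasons.append(f"Winlogon Notify {m['name']} references missing DLL {m['dll']}")
    elif m := O23_RE.match(line):
        reasons += location_reasons(m["path"])
        if m["owner"] == "Unknown owner":
            reasons.append(f"service {m['name']!r} has no vendor: verify {m['path']}")
    return reasons


def triage(log_text: str) -> List[Dict[str, object]]:
    """Run triage_line over every non-empty line; keep only lines with findings."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if line and (reasons := triage_line(line)):
            findings.append({"line": line, "reasons": reasons})
    return findings


# Lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Explorer] C:\WINDOWS\System32\explorer.exe
O4 - HKLM\..\Run: [KAV50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe" -run -n PersonalPro -v 5.0.0.0
O4 - HKLM\..\Run: [uio] newbreed.exe
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A99CF37-3780-4E65-92B5-0CEF740BD165}: NameServer = 85.255.113.148,85.255.112.203
O17 - HKLM\System\CCS\Services\Tcpip\..\{E0D6910E-220D-4321-A327-BF4F215A6891}: NameServer = 85.255.113.148 85.255.112.203
O20 - Winlogon Notify: ldr64 - ldr64.dll (file missing)
O23 - Service: Windows Network Security Service (lsass) - Unknown owner - C:\WINDOWS\system\lsass.exe (file missing)
O23 - Service: KLBLMain - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding["line"])
        for reason in finding["reasons"]:
            print("   ->", reason)
```

Of the ten sample lines, the script leaves the two Kaspersky entries alone and reports the other eight, matching the items the helper asked to be fixed. The "Unknown owner" rule is deliberately a verification prompt rather than a verdict: a legitimate service with a missing vendor string should be checked against its file's signature or hash before removal.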

 


#8 Claudio778

Claudio778

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 22 April 2006 - 06:37 PM

I did the procedure and got a popup window when starting Windows.
"BFO
Click Yes"
I just shut it down.

The report.txt is this:

Fixwareout ver 1.003
Last edited 04/09/2006
Post this report in the forums please

Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\mcvmd
...

Microsoft ® Windows Script Host Version 5.6
Random Runs removed from HKLM
...

====================================
Logfile of HijackThis v1.99.1
Scan saved at 21:26:54, on 22/4/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\Documents and Settings\Cláudio.MICROSOF-6UJ69T\Desktop\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [KAV50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe" -run -n PersonalPro -v 5.0.0.0
O4 - HKLM\..\Run: [uio] newbreed.exe
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: Telefonica.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\1.1.454.29157\GoogleUpdater.exe
O4 - Global Startup: Local Area Connection.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsear...html?p=ZSzeb012
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQ\ICQLite\icq5\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQ\ICQLite\icq5\ICQLite.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - https://www-secure.s...trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - https://www-secure.s...trl/tgctlsr.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....015/CTSUEng.cab
O16 - DPF: {0EDE3059-2BF8-49C5-8640-4694550C444E} (IACache Class) - http://www.lotrdvd.c...E/lotrttt_e.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} (IEPlayInterface Class) - http://www.lotrdvd.c...ds/iaieplay.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish....fishActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1128207575928
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1120250607314
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsec...GbPluginABN.cab
O16 - DPF: {E56347B0-6C2B-4C2E-939F-EE513EAC80BC} (Creative Product Registration ActiveX Control Module) - http://www.creative....ClientNoMFC.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} -
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15016/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E0D6910E-220D-4321-A327-BF4F215A6891}: NameServer = 85.255.113.148 85.255.112.203
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Dcom Helper (DcmHlp) - Unknown owner - C:\WINDOWS\dcmhelp.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: KLBLMain - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Windows Network Security Service (lsass) - Unknown owner - C:\WINDOWS\system\lsass.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe


Ok. What is the next step?
Tks

#9 Claudio778

Claudio778

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 22 April 2006 - 06:38 PM

I did the procedure.
Did not find the
C:\WINDOWS\system\lsass.exe
C:\WINDOWS\System32\explorer.exe

And got a popup window when starting Windows after Fixwareout.
"BFO
Click Yes"
I just shut it down.

The report.txt is this:

Fixwareout ver 1.003
Last edited 04/09/2006
Post this report in the forums please

Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\mcvmd
...

Microsoft ® Windows Script Host Version 5.6
Random Runs removed from HKLM
...

====================================
Logfile of HijackThis v1.99.1
Scan saved at 21:26:54, on 22/4/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\Documents and Settings\Cláudio.MICROSOF-6UJ69T\Desktop\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [KAV50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe" -run -n PersonalPro -v 5.0.0.0
O4 - HKLM\..\Run: [uio] newbreed.exe
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: Telefonica.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\1.1.454.29157\GoogleUpdater.exe
O4 - Global Startup: Local Area Connection.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsear...html?p=ZSzeb012
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQ\ICQLite\icq5\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQ\ICQLite\icq5\ICQLite.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - https://www-secure.s...trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - https://www-secure.s...trl/tgctlsr.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....015/CTSUEng.cab
O16 - DPF: {0EDE3059-2BF8-49C5-8640-4694550C444E} (IACache Class) - http://www.lotrdvd.c...E/lotrttt_e.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} (IEPlayInterface Class) - http://www.lotrdvd.c...ds/iaieplay.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish....fishActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1128207575928
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1120250607314
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsec...GbPluginABN.cab
O16 - DPF: {E56347B0-6C2B-4C2E-939F-EE513EAC80BC} (Creative Product Registration ActiveX Control Module) - http://www.creative....ClientNoMFC.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} -
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15016/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E0D6910E-220D-4321-A327-BF4F215A6891}: NameServer = 85.255.113.148 85.255.112.203
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Dcom Helper (DcmHlp) - Unknown owner - C:\WINDOWS\dcmhelp.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: KLBLMain - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Windows Network Security Service (lsass) - Unknown owner - C:\WINDOWS\system\lsass.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe


Ok. What is the next step?
Tks

#10 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 22 April 2006 - 06:44 PM

Hello, welcome to the forum.

I suggest you do this:


Please do not delete anything unless instructed to.


Run hijackthis. Hit None of the above, Click Do a System Scan Only. Put a Check in the box on the left side on these:

O4 - HKLM\..\Run: [uio] newbreed.exe
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w

O17 - HKLM\System\CCS\Services\Tcpip\..\{E0D6910E-220D-4321-A327-BF4F215A6891}: NameServer = 85.255.113.148 85.255.112.203

O23 - Service: Windows Network Security Service (lsass) - Unknown owner - C:\WINDOWS\system\lsass.exe (file missing)

Close ALL windows and browsers except HijackThis and click "Fix checked"


Delete these Files if listed:
newbreed.exe



Open C:\Windows\Prefetch\ Delete ALL files in this folder.



Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»
This program is for XP and Windows 2000 only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Reboot and "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.



#11 Claudio778

Claudio778

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 22 April 2006 - 07:11 PM

The PC behaved fine this time, no window popup.
Here is the next log:

Logfile of HijackThis v1.99.1
Scan saved at 21:56:09, on 22/4/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\Documents and Settings\Cláudio.MICROSOF-6UJ69T\Desktop\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [KAV50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe" -run -n PersonalPro -v 5.0.0.0
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: Telefonica.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\1.1.454.29157\GoogleUpdater.exe
O4 - Global Startup: Local Area Connection.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsear...html?p=ZSzeb012
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQ\ICQLite\icq5\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQ\ICQLite\icq5\ICQLite.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - https://www-secure.s...trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - https://www-secure.s...trl/tgctlsr.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....015/CTSUEng.cab
O16 - DPF: {0EDE3059-2BF8-49C5-8640-4694550C444E} (IACache Class) - http://www.lotrdvd.c...E/lotrttt_e.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} (IEPlayInterface Class) - http://www.lotrdvd.c...ds/iaieplay.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish....fishActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1128207575928
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1120250607314
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsec...GbPluginABN.cab
O16 - DPF: {E56347B0-6C2B-4C2E-939F-EE513EAC80BC} (Creative Product Registration ActiveX Control Module) - http://www.creative....ClientNoMFC.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} -
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15016/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E0D6910E-220D-4321-A327-BF4F215A6891}: NameServer = 85.255.113.148 85.255.112.203
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Dcom Helper (DcmHlp) - Unknown owner - C:\WINDOWS\dcmhelp.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: KLBLMain - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Windows Network Security Service (lsass) - Unknown owner - C:\WINDOWS\system\lsass.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

#12 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 22 April 2006 - 07:24 PM

Run HijackThis and click the Scan button. When it has finished scanning, put a tick against the following, close all other browsers and windows, and click 'Fix checked':

O17 - HKLM\System\CCS\Services\Tcpip\..\{E0D6910E-220D-4321-A327-BF4F215A6891}: NameServer = 85.255.113.148 85.255.112.203

O23 - Service: Dcom Helper (DcmHlp) - Unknown owner - C:\WINDOWS\dcmhelp.exe (file missing)

O23 - Service: Windows Network Security Service (lsass) - Unknown owner - C:\WINDOWS\system\lsass.exe (file missing)


Boot into Safe Mode.
Windows 2000, XP:
1. Restart the computer
2. Watch the screen while it is black. After the BIOS memory check is done, start tapping the F8 key. If done right, the Windows Advanced Options Menu will appear.
3. Select Safe Mode from the menu. Starting Windows in Safe Mode may take several minutes

I am going to have you remove this bogus service by doing the following:
Click Start-> Run and type cmd in the Open: line. Click OK.
* Type or paste in the following in bold: sc delete DcmHlp
* Hit Enter
* Type: Exit
* Hit Enter

Locate and delete this file:
C:\WINDOWS\SYSTEM\DRIVER\dcmhelp.exe


Click Start-> Run and type cmd in the Open: line. Click OK.
* Type or paste in the following in bold: sc delete lsass
* Hit Enter
* Type: Exit
* Hit Enter



If your computer does not restart automatically, please restart it manually.

Reboot normally

After Reboot, "copy/paste" a new log file into this thread.
Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#13 Claudio778

Claudio778

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 22 April 2006 - 07:48 PM

I did not find any dcmhelp.exe file under c:\windows\system

Here is the log
Logfile of HijackThis v1.99.1
Scan saved at 22:38:32, on 22/4/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\Documents and Settings\Cláudio.MICROSOF-6UJ69T\Desktop\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [KAV50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe" -run -n PersonalPro -v 5.0.0.0
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: Telefonica.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\1.1.454.29157\GoogleUpdater.exe
O4 - Global Startup: Local Area Connection.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsear...html?p=ZSzeb012
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQ\ICQLite\icq5\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQ\ICQLite\icq5\ICQLite.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - https://www-secure.s...trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - https://www-secure.s...trl/tgctlsr.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....015/CTSUEng.cab
O16 - DPF: {0EDE3059-2BF8-49C5-8640-4694550C444E} (IACache Class) - http://www.lotrdvd.c...E/lotrttt_e.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} (IEPlayInterface Class) - http://www.lotrdvd.c...ds/iaieplay.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish....fishActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1128207575928
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1120250607314
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsec...GbPluginABN.cab
O16 - DPF: {E56347B0-6C2B-4C2E-939F-EE513EAC80BC} (Creative Product Registration ActiveX Control Module) - http://www.creative....ClientNoMFC.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} -
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15016/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E0D6910E-220D-4321-A327-BF4F215A6891}: NameServer = 85.255.113.148 85.255.112.203
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: KLBLMain - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

#14 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 22 April 2006 - 07:52 PM

Backup your Registry...
- Press "CTRL - ALT - DEL" keys all at the same time to start "Task Manager"
- In the Task Manager window click on "File", then from the drop-down menu select "New Task (Run...)"
- In the "Create New Task" window enter\type "regedit" (without quotes)
- Once Regedit opens click on the FILE menu and select Export
- Save the file as backup. Save the file somewhere you will remember and not delete.
IMPORTANT: make sure to set the export range to ALL




Click "Start" > "Run", type in Regedit and tap the Enter key.

Make sure "My Computer" is highlighted

Click "Edit"> "Find"
Type in 85.255.113.148 and tap the Enter key.
Right Click on the file if found and select "Delete"

Tap the "F3" Key to find the next entry of the file. Continue using the "F3" Key until it's finished searching.

Close Regedit.


Empty Recycle Bin

Reboot and "copy/paste" a new HijackThis log file into this thread.
Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom
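The two findings LDTate works from in posts #12 and #14 are the O17 NameServer entry pointing at 85.255.113.148 / 85.255.112.203 and the two O23 services with "Unknown owner" and a missing binary. The thread's own logs also show the order in which the clean-up took effect: the log in post #13 still carries the O17 line after 'Fix checked', and only the log in post #15, after the registry search, is free of it. The script below, an added example and not HijackThis or forum code, automates that triage for a defender reviewing such logs: it parses O17 and O23 lines, flags resolvers that are public and not on a trusted list, flags ownerless services whose binary is gone, and compares an earlier log with a follow-up to report which findings a step actually cleared. The sample log excerpts are constructed from the lines quoted in the thread, and the trusted-resolver policy (private or loopback addresses plus an explicit allowlist) is an assumption to tune for the machine in question.

```python
"""Triage HijackThis logs for the two findings this thread turns on.

Added example, not HijackThis or forum code.  Flags:
  * O17 NameServer entries that point at public resolvers outside a
    trusted list (the DNS hijack pattern in the thread), and
  * O23 services with "Unknown owner" and a missing binary (the bogus
    DcmHlp and lsass services).
It can also compare two logs to show which findings a cleanup step cleared.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List

# Assumed policy, not from the thread: a resolver is acceptable if it is a
# private/loopback address (handed out by a home router) or listed here.
TRUSTED_DNS = {"127.0.0.1"}  # kept minimal so every public resolver is flagged

O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.+)$")
# Name, owner and path are separated by " - "; a service name that itself
# contains " - " would need a smarter split, which the thread's logs do not.
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


@dataclass(frozen=True)
class Finding:
    section: str   # "O17" or "O23"
    subject: str   # the resolver address or the service name
    reason: str


def is_suspicious_resolver(addr: str) -> bool:
    """A resolver is suspicious when it is public and not explicitly trusted."""
    if addr in TRUSTED_DNS:
        return False
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return True  # not a parsable address at all: worth a look
    return not (ip.is_private or ip.is_loopback)


def triage(log: str) -> List[Finding]:
    """Scan one HijackThis log and return the suspicious O17/O23 entries."""
    findings: List[Finding] = []
    for raw in log.splitlines():
        line = raw.strip()
        m = O17_RE.match(line)
        if m:
            # HijackThis lists several resolvers separated by spaces or commas.
            for addr in re.split(r"[ ,]+", m.group("servers").strip()):
                if addr and is_suspicious_resolver(addr):
                    findings.append(Finding(
                        "O17", addr,
                        "public resolver not on the trusted list (DNS hijack pattern)"))
            continue
        m = O23_RE.match(line)
        if (m and m.group("owner") == "Unknown owner"
                and m.group("path").endswith("(file missing)")):
            findings.append(Finding(
                "O23", m.group("name"),
                "service with unknown owner and missing binary"))
    return findings


def remediation_status(before: str, after: str) -> Dict[str, List[Finding]]:
    """Which findings from an earlier log survive in a follow-up log."""
    earlier, later = set(triage(before)), set(triage(after))

    def order(f: Finding):
        return (f.section, f.subject)

    return {"remaining": sorted(earlier & later, key=order),
            "cleared": sorted(earlier - later, key=order)}


# Constructed excerpts modelled on the logs quoted in the thread.
LOG_BEFORE = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E0D6910E-220D-4321-A327-BF4F215A6891}: NameServer = 85.255.113.148 85.255.112.203
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Dcom Helper (DcmHlp) - Unknown owner - C:\WINDOWS\dcmhelp.exe (file missing)
O23 - Service: Windows Network Security Service (lsass) - Unknown owner - C:\WINDOWS\system\lsass.exe (file missing)
"""
# State after "Fix checked" (post #13): services gone, O17 still present.
LOG_AFTER_FIX_CHECKED = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E0D6910E-220D-4321-A327-BF4F215A6891}: NameServer = 85.255.113.148 85.255.112.203
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
"""
# State after the registry clean-up (post #15): nothing left to flag.
LOG_FINAL = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
"""

if __name__ == "__main__":
    for f in triage(LOG_BEFORE):
        print(f"{f.section}: {f.subject} -> {f.reason}")
    for label, follow_up in (("fix checked", LOG_AFTER_FIX_CHECKED),
                             ("regedit clean-up", LOG_FINAL)):
        status = remediation_status(LOG_BEFORE, follow_up)
        print(f"after {label}: {len(status['cleared'])} cleared, "
              f"{len(status['remaining'])} remaining")
```

To use it on a real log, pass the file contents to triage() and, once the user posts a follow-up, to remediation_status(); the O17 entry is reported once per resolver address, so a hijack that set two servers shows up as two findings and is only counted as cleared when both are gone.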

 


#15 Claudio778

Claudio778

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 22 April 2006 - 08:08 PM

The computer behaved fine. Nothing that got my attention.

Logfile of HijackThis v1.99.1
Scan saved at 22:57:43, on 22/4/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\Cláudio.MICROSOF-6UJ69T\Desktop\HijackThis.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Maxthon\Maxthon.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [KAV50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe" -run -n PersonalPro -v 5.0.0.0
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: Telefonica.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\1.1.454.29157\GoogleUpdater.exe
O4 - Global Startup: Local Area Connection.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsear...html?p=ZSzeb012
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQ\ICQLite\icq5\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQ\ICQLite\icq5\ICQLite.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - https://www-secure.s...trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - https://www-secure.s...trl/tgctlsr.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....015/CTSUEng.cab
O16 - DPF: {0EDE3059-2BF8-49C5-8640-4694550C444E} (IACache Class) - http://www.lotrdvd.c...E/lotrttt_e.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} (IEPlayInterface Class) - http://www.lotrdvd.c...ds/iaieplay.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish....fishActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1128207575928
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1120250607314
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsec...GbPluginABN.cab
O16 - DPF: {E56347B0-6C2B-4C2E-939F-EE513EAC80BC} (Creative Product Registration ActiveX Control Module) - http://www.creative....ClientNoMFC.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} -
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15016/CTPID.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: KLBLMain - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
