Possible Malwarecrush Attack


  • This topic is locked
8 replies to this topic

#1 silfo80

Posted 30 January 2008 - 12:08 PM

Hello folks,

I keep getting this malwarecrush icon in my toolbar that is attempting to lure me into installing a whole gob of malware. I hate it and I fear it is slowing down my machine. Any help would be greatly appreciated.

The hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:08:20 PM, on 1/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [MSDrive] rundll32.exe C:\WINDOWS\system32\drvrus.dll,startup
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe (file missing)
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 6882 bytes

Thanks in advance


#2 rookie147

Posted 30 January 2008 - 04:38 PM

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.
Please print off a copy of these instructions, and also save them to a Notepad file on your desktop, so they are easily accessible.
We are going to boot into Safe Mode later in the fix, and there is no internet access.

Download SmitfraudFix (by S!Ri)
Open the file and it will extract the contents (a folder named SmitfraudFix) to your Desktop.

Reboot your computer into Safe Mode.
This is done by rebooting Windows and pressing F8 at boot/Windows startup, usually right after the beep.
Then select Safe Mode from the list.
Make sure you choose the option without Networking Support.

Once in Safe Mode, open the SmitfraudFix folder again.
Double-click smitfraudfix.cmd.
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt
Warning : running option #2 on a non infected computer will remove your Desktop background.

Please include rapport.txt, along with a new HijackThis log in your next reply.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.


#3 silfo80

Posted 30 January 2008 - 05:09 PM

Thanks so much for the reply.
Here is the info:
First SmitfraudFix
Rapport.txt

SmitFraudFix v2.274

Scan done at 16:45:26.12, Wed 01/30/2008
Run from C:\Documents and Settings\Brad's Profile\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

Killing process


hosts

127.0.0.1 localhost

Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


Generic Renos Fix

GenericRenosFix by S!Ri


Deleting infected files


IEDFix

IEDFix.exe by S!Ri


DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{6265B9FB-23F7-4C3B-9A36-540BCAECC165}: DhcpNameServer=68.87.64.146 68.87.75.194
HKLM\SYSTEM\CCS\Services\Tcpip\..\{DCD1DD7D-7C66-4C48-8E88-4C6E9BF2C4F9}: DhcpNameServer=68.87.64.146 68.87.75.194
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6265B9FB-23F7-4C3B-9A36-540BCAECC165}: DhcpNameServer=68.87.64.146 68.87.75.194
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DCD1DD7D-7C66-4C48-8E88-4C6E9BF2C4F9}: DhcpNameServer=68.87.64.146 68.87.75.194
HKLM\SYSTEM\CS3\Services\Tcpip\..\{6265B9FB-23F7-4C3B-9A36-540BCAECC165}: DhcpNameServer=68.87.64.146 68.87.75.194
HKLM\SYSTEM\CS3\Services\Tcpip\..\{DCD1DD7D-7C66-4C48-8E88-4C6E9BF2C4F9}: DhcpNameServer=68.87.64.146 68.87.75.194
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.87.64.146 68.87.75.194
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.87.64.146 68.87.75.194
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=68.87.64.146 68.87.75.194


Deleting Temp Files


Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


Registry Cleaning

Registry Cleaning done.

SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


End

And now HiJackthis.txt

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:01:28 PM, on 1/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [MSDrive] rundll32.exe C:\WINDOWS\system32\drvrus.dll,startup
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe (file missing)
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 6735 bytes

Also, I have included a pic of the nasty thing:
Posted Image

#4 rookie147

Posted 31 January 2008 - 05:01 PM

Download Combofix to your Desktop.
Double click combofix.exe
Follow the prompts that are displayed.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt. Post that in your next reply.


#5 silfo80

Posted 31 January 2008 - 10:33 PM

And here it is:

ComboFix 08-01-23.1C - Brad's Profile 2008-01-31 22:30:22.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.957 [GMT -5:00]
Running from: C:\Documents and Settings\Brad's Profile\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-01 to 2008-02-01 )))))))))))))))))))))))))))))))
.

2008-01-30 04:57 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-01-29 22:57 . 2008-01-30 16:45 3,746 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-29 15:42 . 2008-01-30 23:25 45 --a------ C:\TEST.XML
2008-01-28 11:01 . 2008-01-28 11:01 0 --a------ C:\WINDOWS\Irremote.ini
2008-01-27 11:02 . 2008-01-27 11:02 <DIR> d-------- C:\Program Files\Electronic Arts
2008-01-26 11:57 . 2008-01-26 11:57 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-01-25 12:30 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-25 12:09 . 2008-01-25 12:09 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-25 01:01 . 2008-01-25 01:01 1,130,098 --ahs---- C:\WINDOWS\system32\kscuxrsv.ini
2008-01-24 13:14 . 2008-01-24 13:14 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-24 13:13 . 2008-01-24 13:13 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-24 13:12 . 2008-01-24 13:12 <DIR> d-------- C:\Program Files\ClamWin
2008-01-24 12:41 . 2008-01-24 12:41 103,936 --a------ C:\WINDOWS\system32\drvrus.dll
2008-01-24 12:41 . 2008-01-24 12:41 54,764 --a------ C:\WINDOWS\system32\drivers\srtwe.sys
2008-01-23 21:08 . 2008-01-23 21:08 <DIR> d-------- C:\Program Files\Bonjour
2008-01-20 11:18 . 2008-01-21 09:23 <DIR> d-------- C:\Program Files\EA GAMES
2008-01-20 11:18 . 2004-08-17 22:14 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2008-01-15 22:50 . 2008-01-15 22:50 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-01-15 22:50 . 2007-07-25 14:24 1,559,040 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-01-15 22:50 . 2006-09-24 16:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm
2008-01-15 22:50 . 2007-03-10 12:51 282,624 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-01-15 22:50 . 2004-01-25 17:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-01-15 22:50 . 2007-09-04 17:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2008-01-15 22:50 . 2007-09-21 01:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm
2008-01-15 22:50 . 2007-12-24 13:49 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-01-15 22:50 . 2007-07-10 17:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-01-15 22:50 . 2007-10-03 16:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml
2008-01-12 17:05 . 2008-01-28 11:13 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-01-12 17:03 . 2008-01-12 17:03 <DIR> d-------- C:\Program Files\NeroInstall.bak
2008-01-10 13:09 . 2008-01-29 18:47 <DIR> d-------- C:\Program Files\thriXXX
2008-01-04 11:22 . 2008-01-04 11:22 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-01-04 11:12 . 2008-01-04 11:12 <DIR> d-------- C:\Program Files\PowerISO
2008-01-03 08:46 . 2008-01-03 08:46 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-01-03 08:46 . 2006-10-04 09:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-01-03 08:46 . 2006-10-04 09:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-01-03 08:46 . 2006-10-04 09:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-01-03 08:45 . 2008-01-03 08:45 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-01-03 08:45 . 2008-01-03 08:46 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-01-01 14:47 . 2008-01-01 14:47 <DIR> d-------- C:\Program Files\Azureus
2008-01-01 12:51 . 2008-01-01 12:51 <DIR> d-------- C:\Program Files\DVD Flick
2008-01-01 12:51 . 2004-03-09 00:00 1,081,616 --a------ C:\WINDOWS\system32\mscomctl.ocx
2008-01-01 12:51 . 2004-03-09 00:00 662,288 --a------ C:\WINDOWS\system32\mscomct2.ocx
2008-01-01 12:51 . 2004-03-09 00:00 212,240 --a------ C:\WINDOWS\system32\richtx32.ocx
2008-01-01 12:51 . 2000-05-19 17:56 81,920 --a------ C:\WINDOWS\system32\mbmouse.ocx
2008-01-01 12:51 . 2000-11-05 15:27 36,864 --a------ C:\WINDOWS\system32\trayicon.ocx
2008-01-01 11:55 . 2004-08-04 02:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-01-01 03:00 . 2008-01-01 03:00 <DIR> d-------- C:\Program Files\MSXML 4.0

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-24 02:08 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-20 21:46 439 ----a-w C:\WINDOWS\Fonts\LICENSE.txt
2008-01-18 20:51 764 ----a-w C:\WINDOWS\Fonts\Wilderness.txt
2008-01-15 18:07 --------- d-----w C:\Program Files\Semagic
2008-01-12 22:05 --------- d-----w C:\Program Files\Nero
2008-01-03 13:55 --------- d-----w C:\Program Files\DivX
2008-01-01 20:31 --------- d-----w C:\Program Files\Common Files\Ahead
2007-12-30 00:28 --------- d-----w C:\Program Files\TGTSoft
2007-12-29 23:36 --------- d-----w C:\Program Files\Aptana
2007-12-29 23:24 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2007-12-23 20:19 --------- d-----w C:\Program Files\Real
2007-12-23 20:19 --------- d-----w C:\Program Files\Common Files\xing shared
2007-12-23 20:19 --------- d-----w C:\Program Files\Common Files\Real
2007-12-23 14:16 --------- d-s---w C:\Program Files\Xfire
2007-12-23 01:21 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2007-12-23 01:21 --------- d-----w C:\Program Files\Java
2007-12-23 01:20 --------- d-----w C:\Program Files\Common Files\Java
2007-12-21 19:30 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-12-21 17:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-21 17:05 --------- d-----w C:\Program Files\Atari
2007-12-21 16:46 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-12-21 10:54 --------- d-----w C:\Program Files\HP
2007-12-21 10:54 --------- d-----w C:\Program Files\Hewlett-Packard
2007-12-20 21:47 --------- d-----w C:\Program Files\QuickTime
2007-12-20 21:47 --------- d-----w C:\Program Files\iTunes
2007-12-20 21:47 --------- d-----w C:\Program Files\iPod
2007-12-20 21:46 --------- d-----w C:\Program Files\Common Files\Apple
2007-12-20 21:46 --------- d-----w C:\Program Files\Apple Software Update
2007-12-20 20:22 --------- d-----w C:\Program Files\NVIDIA Corporation
2007-12-20 20:18 --------- d-----w C:\Program Files\Realtek AC97
2007-12-20 20:15 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-20 17:18 --------- d-----w C:\Program Files\D-Link
2007-12-20 17:18 --------- d-----w C:\Program Files\ANI
2007-12-20 17:03 --------- d--h--w C:\Program Files\Uninstall Information
2007-12-20 17:00 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-14 16:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-14 00:09 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-12-04 14:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-12-04 01:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-12-04 01:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2007-12-03 23:04 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
2007-11-29 22:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-11-29 22:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2007-11-29 22:30 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2007-11-29 22:30 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-11-29 22:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-11-29 22:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-11-28 21:55 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-11-28 21:53 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-11-28 21:53 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-11-28 21:53 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-11-28 21:53 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-11-28 21:52 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
.

((((((((((((((((((((((((((((( snapshot_2008-01-29_21.39.48.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-07-31 00:19:28 203,096 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll
- 2007-12-23 08:01:01 58,596 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-01-30 20:18:59 58,596 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-12-23 08:01:01 392,296 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-01-30 20:18:59 392,296 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2006-01-09 14:36:06 40,960 ----a-w C:\WINDOWS\system32\swsc.exe
+ 2000-08-31 13:00:00 136,704 ----a-w C:\WINDOWS\system32\swsc.exe
- 2006-12-01 10:20:32 79,360 ----a-w C:\WINDOWS\system32\swxcacls.exe
+ 2000-08-31 13:00:00 212,480 ----a-w C:\WINDOWS\system32\swxcacls.exe
- 2007-07-31 00:19:46 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
+ 2007-07-31 00:19:28 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 13:31 1372160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2005-03-29 11:41 1245184]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 17:49 49152]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2005-09-18 08:32 7204864]
"nwiz"="nwiz.exe" [2005-09-18 08:32 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2005-09-18 08:32 86016]
"SoundMan"="SOUNDMAN.EXE" [2005-11-11 14:07 90112 C:\WINDOWS\soundman.exe]
"nTrayFw"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2006-02-17 10:40 270336]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-23 15:19 185632]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-06 19:05 200704]
"MSDrive"="C:\WINDOWS\system32\drvrus.dll" [2008-01-24 12:41 103936]
"ClamWin"="C:\Program Files\ClamWin\bin\ClamTray.exe" [2008-01-20 22:08 77824]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]

C:\Documents and Settings\Brad's Profile\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56 393216]
Xfire.lnk - C:\Program Files\Xfire\Xfire.exe [2006-06-07 00:25:20 4154504]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]

S2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe []
S4 MSControlService;Microsoft cache control;C:\WINDOWS\system32\windows []

.
Contents of the 'Scheduled Tasks' folder
"2008-01-30 14:56:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-21 09:37:00 C:\WINDOWS\Tasks\Disk Cleanup.job"
- C:\WINDOWS\system32\cleanmgr.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-31 22:32:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-31 22:32:40
ComboFix-quarantined-files.txt 2008-02-01 03:32:33
ComboFix2.txt 2008-01-30 04:44:35
ComboFix3.txt 2008-01-30 02:40:11
ComboFix4.txt 2008-01-26 21:52:15
ComboFix5.txt 2008-01-25 22:43:39
.
2008-01-09 15:16:07 --- E O F ---

#6 rookie147

rookie147

  • Members
  • 5,321 posts

Posted 02 February 2008 - 05:20 PM

Please run Panda's ActiveScan.
Once you are on the Panda site, click the Scan your PC button.
A new window will open, click the Check Now button.
Enter your personal details.
Click the big Scan Now button.
It will ask to install various content - please allow this.
It will start downloading the files it requires for the scan, which may take a while.
When download is complete, click on Local Disks to start the scan.
When the scan has finished - if anything malicious is found - click the See Report button.
Click Save Report and save the file to your Desktop, so you can post this log in your next reply.

If you are pleased with the service I have offered, you may like to consider making a donation.


#7 silfo80

silfo80
  • Topic Starter

  • Members
  • 14 posts

Posted 03 February 2008 - 03:56 PM

Here it is:


Incident Status Location

Dialer:Dialer.KYO Not disinfected C:\WINDOWS\system32\drvrus.dll
Adware:adware/memorywatcher Not disinfected Windows Registry
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Brad's Profile\Application Data\Mozilla\Firefox\Profiles\m44vrtyj.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Brad's Profile\Application Data\Mozilla\Firefox\Profiles\m44vrtyj.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Brad's Profile\Application Data\Mozilla\Firefox\Profiles\m44vrtyj.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Brad's Profile\Application Data\Mozilla\Firefox\Profiles\m44vrtyj.default\cookies.txt[.advertising.com/]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Brad's Profile\Desktop\ComboFix.exe[nircmd.com]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Brad's Profile\Desktop\ComboFix.exe[nircmd.cfexe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Brad's Profile\Desktop\SmitfraudFix\Process.exe
Virus:Trj/Rebooter.J Disinfected C:\Documents and Settings\Brad's Profile\Desktop\SmitfraudFix\Reboot.exe
Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\Brad's Profile\Desktop\SmitfraudFix\restart.exe
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Guest Profile\Application Data\Mozilla\Firefox\Profiles\vj6xoolt.default\cookies.txt[.com.com/]
Virus:Trj/Spammer.AFL Disinfected C:\QooBox\Quarantine\C\Program Files\Helper\1201196557.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\bfykytly.dll.vir
Adware:Adware/WinAntiSpyware Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\drvrusr.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\qmjulsxf.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\relpotes.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\ssqrqoo.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\tsedshow.dll.vir
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\Nircmd.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
Spyware:Cookie/Atwola Not disinfected F:\Documents and Settings\Bradley Wrenn\Application Data\Mozilla\Firefox\Profiles\ivwd9yi0.Default User\cookies.txt[.atwola.com/]
Adware:Adware/Eztracks Not disinfected F:\Program Files\Alcohol Soft\Alcohol 120% Toolbar\a120_tb.dll
Spyware:Cookie/adultfriendfinder Not disinfected F:\RECYCLER\NPROTECT\00258296.MOZ[.adultfriendfinder.com/]
Spyware:Cookie/adultfriendfinder Not disinfected F:\RECYCLER\NPROTECT\00258300.MOZ[.adultfriendfinder.com/]
Spyware:Cookie/adultfriendfinder Not disinfected F:\RECYCLER\NPROTECT\00258303.MOZ[.adultfriendfinder.com/]
Spyware:Cookie/adultfriendfinder Not disinfected F:\RECYCLER\NPROTECT\00258311.MOZ[.adultfriendfinder.com/]
Spyware:Cookie/adultfriendfinder Not disinfected F:\RECYCLER\NPROTECT\00258314.MOZ[.adultfriendfinder.com/]
Spyware:Cookie/adultfriendfinder Not disinfected F:\RECYCLER\NPROTECT\00258319.MOZ[.adultfriendfinder.com/]
Spyware:Cookie/Xiti Not disinfected F:\RECYCLER\NPROTECT\00258319.MOZ[.xiti.com/]
Spyware:Cookie/adultfriendfinder Not disinfected F:\RECYCLER\NPROTECT\00258321.MOZ[.adultfriendfinder.com/]
Spyware:Cookie/Xiti Not disinfected F:\RECYCLER\NPROTECT\00258321.MOZ[.xiti.com/]
Spyware:Cookie/adultfriendfinder Not disinfected F:\RECYCLER\NPROTECT\00258324.MOZ[.adultfriendfinder.com/]
Spyware:Cookie/Xiti Not disinfected F:\RECYCLER\NPROTECT\00258324.MOZ[.xiti.com/]
Spyware:Cookie/adultfriendfinder Not disinfected F:\RECYCLER\NPROTECT\00258327.MOZ[.adultfriendfinder.com/]
Spyware:Cookie/Xiti Not disinfected F:\RECYCLER\NPROTECT\00258327.MOZ[.xiti.com/]
Spyware:Cookie/adultfriendfinder Not disinfected F:\RECYCLER\NPROTECT\00258329.MOZ[.adultfriendfinder.com/]
Spyware:Cookie/Xiti Not disinfected F:\RECYCLER\NPROTECT\00258329.MOZ[.xiti.com/]
Spyware:Cookie/adultfriendfinder Not disinfected F:\RECYCLER\NPROTECT\00258332.MOZ[.adultfriendfinder.com/]
Spyware:Cookie/Xiti Not disinfected F:\RECYCLER\NPROTECT\00258332.MOZ[.xiti.com/]
Spyware:Cookie/adultfriendfinder Not disinfected F:\RECYCLER\NPROTECT\00258336.MOZ[.adultfriendfinder.com/]
Spyware:Cookie/Xiti Not disinfected F:\RECYCLER\NPROTECT\00258336.MOZ[.xiti.com/]
Spyware:Cookie/adultfriendfinder Not disinfected F:\RECYCLER\NPROTECT\00258344.MOZ[.adultfriendfinder.com/]
Spyware:Cookie/Xiti Not disinfected F:\RECYCLER\NPROTECT\00258344.MOZ[.xiti.com/]
Spyware:Cookie/adultfriendfinder Not disinfected F:\RECYCLER\NPROTECT\00258346.MOZ[.adultfriendfinder.com/]
Spyware:Cookie/Xiti Not disinfected F:\RECYCLER\NPROTECT\00258346.MOZ[.xiti.com/]
Spyware:Cookie/adultfriendfinder Not disinfected F:\RECYCLER\NPROTECT\00258349.MOZ[.adultfriendfinder.com/]
Spyware:Cookie/Xiti Not disinfected F:\RECYCLER\NPROTECT\00258349.MOZ[.xiti.com/]
Spyware:Cookie/adultfriendfinder Not disinfected F:\RECYCLER\NPROTECT\00258352.MOZ[.adultfriendfinder.com/]
Spyware:Cookie/Xiti Not disinfected F:\RECYCLER\NPROTECT\00258352.MOZ[.xiti.com/]
Spyware:Cookie/adultfriendfinder Not disinfected F:\RECYCLER\NPROTECT\00258354.MOZ[.adultfriendfinder.com/]
Spyware:Cookie/Xiti Not disinfected F:\RECYCLER\NPROTECT\00258354.MOZ[.xiti.com/]
Spyware:Cookie/adultfriendfinder Not disinfected F:\RECYCLER\NPROTECT\00258359.MOZ[.adultfriendfinder.com/]
Spyware:Cookie/Xiti Not disinfected F:\RECYCLER\NPROTECT\00258359.MOZ[.xiti.com/]
Spyware:Cookie/adultfriendfinder Not disinfected F:\RECYCLER\NPROTECT\00258365.MOZ[.adultfriendfinder.com/]
Spyware:Cookie/Xiti Not disinfected F:\RECYCLER\NPROTECT\00258365.MOZ[.xiti.com/]
Spyware:Cookie/adultfriendfinder Not disinfected F:\RECYCLER\NPROTECT\00258367.MOZ[.adultfriendfinder.com/]
Spyware:Cookie/Xiti Not disinfected F:\RECYCLER\NPROTECT\00258367.MOZ[.xiti.com/]
Spyware:Cookie/adultfriendfinder Not disinfected F:\RECYCLER\NPROTECT\00258369.MOZ[.adultfriendfinder.com/]
Spyware:Cookie/Xiti Not disinfected F:\RECYCLER\NPROTECT\00258369.MOZ[.xiti.com/]
Spyware:Cookie/adultfriendfinder Not disinfected F:\RECYCLER\NPROTECT\00258372.MOZ[.adultfriendfinder.com/]
Spyware:Cookie/Xiti Not disinfected F:\RECYCLER\NPROTECT\00258372.MOZ[.xiti.com/]
Spyware:Cookie/adultfriendfinder Not disinfected F:\RECYCLER\NPROTECT\00258374.MOZ[.adultfriendfinder.com/]
Spyware:Cookie/Xiti Not disinfected F:\RECYCLER\NPROTECT\00258374.MOZ[.xiti.com/]
Spyware:Cookie/adultfriendfinder Not disinfected F:\RECYCLER\NPROTECT\00258378.MOZ[.adultfriendfinder.com/]
Spyware:Cookie/Xiti Not disinfected F:\RECYCLER\NPROTECT\00258378.MOZ[.xiti.com/]
Spyware:Cookie/adultfriendfinder Not disinfected F:\RECYCLER\NPROTECT\00258383.MOZ[.adultfriendfinder.com/]
Spyware:Cookie/adultfriendfinder Not disinfected F:\RECYCLER\NPROTECT\00258390.MOZ[.adultfriendfinder.com/]
Spyware:Cookie/adultfriendfinder Not disinfected F:\RECYCLER\NPROTECT\00258393.MOZ[.adultfriendfinder.com/]
Spyware:Cookie/Xiti Not disinfected F:\RECYCLER\NPROTECT\00258393.MOZ[.xiti.com/]
Spyware:Cookie/adultfriendfinder Not disinfected F:\RECYCLER\NPROTECT\00258397.MOZ[.adultfriendfinder.com/]
Spyware:Cookie/Xiti Not disinfected F:\RECYCLER\NPROTECT\00258397.MOZ[.xiti.com/]
Spyware:Cookie/adultfriendfinder Not disinfected F:\RECYCLER\NPROTECT\00258399.MOZ[.adultfriendfinder.com/]
Spyware:Cookie/Xiti Not disinfected F:\RECYCLER\NPROTECT\00258399.MOZ[.xiti.com/]
Spyware:Cookie/adultfriendfinder Not disinfected F:\RECYCLER\NPROTECT\00258404.MOZ[.adultfriendfinder.com/]
Spyware:Cookie/Xiti Not disinfected F:\RECYCLER\NPROTECT\00258404.MOZ[.xiti.com/]
Spyware:Cookie/adultfriendfinder Not disinfected F:\RECYCLER\NPROTECT\00258406.MOZ[.adultfriendfinder.com/]
Spyware:Cookie/Xiti Not disinfected F:\RECYCLER\NPROTECT\00258406.MOZ[.xiti.com/]
Spyware:Cookie/adultfriendfinder Not disinfected F:\RECYCLER\NPROTECT\00258409.MOZ[.adultfriendfinder.com/]
Spyware:Cookie/Xiti Not disinfected F:\RECYCLER\NPROTECT\00258409.MOZ[.xiti.com/]
Spyware:Cookie/adultfriendfinder Not disinfected F:\RECYCLER\NPROTECT\00258412.MOZ[.adultfriendfinder.com/]
Spyware:Cookie/Xiti Not disinfected F:\RECYCLER\NPROTECT\00258412.MOZ[.xiti.com/]
Spyware:Cookie/adultfriendfinder Not disinfected F:\RECYCLER\NPROTECT\00258420.MOZ[.adultfriendfinder.com/]
Spyware:Cookie/Xiti Not disinfected F:\RECYCLER\NPROTECT\00258420.MOZ[.xiti.com/]
Spyware:Cookie/adultfriendfinder Not disinfected F:\RECYCLER\NPROTECT\00258422.MOZ[.adultfriendfinder.com/]
Spyware:Cookie/Xiti Not disinfected F:\RECYCLER\NPROTECT\00258422.MOZ[.xiti.com/]
Spyware:Cookie/adultfriendfinder Not disinfected F:\RECYCLER\NPROTECT\00258424.MOZ[.adultfriendfinder.com/]
Spyware:Cookie/Xiti Not disinfected F:\RECYCLER\NPROTECT\00258424.MOZ[.xiti.com/]
Spyware:Cookie/adultfriendfinder Not disinfected F:\RECYCLER\NPROTECT\00258428.MOZ[.adultfriendfinder.com/]
Spyware:Cookie/Xiti Not disinfected F:\RECYCLER\NPROTECT\00258428.MOZ[.xiti.com/]
Spyware:Cookie/adultfriendfinder Not disinfected F:\RECYCLER\NPROTECT\00258432.MOZ[.adultfriendfinder.com/]
Spyware:Cookie/Xiti Not disinfected F:\RECYCLER\NPROTECT\00258432.MOZ[.xiti.com/]
Spyware:Cookie/adultfriendfinder Not disinfected F:\RECYCLER\NPROTECT\00258435.MOZ[.adultfriendfinder.com/]
Spyware:Cookie/Xiti Not disinfected F:\RECYCLER\NPROTECT\00258435.MOZ[.xiti.com/]
Spyware:Cookie/adultfriendfinder Not disinfected F:\RECYCLER\NPROTECT\00258437.MOZ[.adultfriendfinder.com/]
Spyware:Cookie/Xiti Not disinfected F:\RECYCLER\NPROTECT\00258437.MOZ[.xiti.com/]
Spyware:Cookie/adultfriendfinder Not disinfected F:\RECYCLER\NPROTECT\00258440.MOZ[.adultfriendfinder.com/]
Spyware:Cookie/Xiti Not disinfected F:\RECYCLER\NPROTECT\00258440.MOZ[.xiti.com/]
Spyware:Cookie/adultfriendfinder Not disinfected F:\RECYCLER\NPROTECT\00258444.MOZ[.adultfriendfinder.com/]
Spyware:Cookie/Xiti Not disinfected F:\RECYCLER\NPROTECT\00258444.MOZ[.xiti.com/]
Spyware:Cookie/adultfriendfinder Not disinfected F:\RECYCLER\NPROTECT\00258446.MOZ[.adultfriendfinder.com/]
Spyware:Cookie/Xiti Not disinfected F:\RECYCLER\NPROTECT\00258446.MOZ[.xiti.com/]
Spyware:Cookie/adultfriendfinder Not disinfected F:\RECYCLER\NPROTECT\00258448.MOZ[.adultfriendfinder.com/]
Spyware:Cookie/Xiti Not disinfected F:\RECYCLER\NPROTECT\00258448.MOZ[.xiti.com/]
Spyware:Cookie/adultfriendfinder Not disinfected F:\RECYCLER\NPROTECT\00258498.MOZ[.adultfriendfinder.com/]
Spyware:Cookie/Xiti Not disinfected F:\RECYCLER\NPROTECT\00258498.MOZ[.xiti.com/]
Spyware:Cookie/Xiti Not disinfected F:\RECYCLER\NPROTECT\00258617.MOZ[.xiti.com/]
Spyware:Cookie/Xiti Not disinfected F:\RECYCLER\NPROTECT\00258684.MOZ[.xiti.com/]
Spyware:Cookie/Xiti Not disinfected F:\RECYCLER\NPROTECT\00258686.MOZ[.xiti.com/]
Spyware:Cookie/Xiti Not disinfected F:\RECYCLER\NPROTECT\00258688.MOZ[.xiti.com/]
Spyware:Cookie/Xiti Not disinfected F:\RECYCLER\NPROTECT\00258731.MOZ[.xiti.com/]
Spyware:Cookie/Xiti Not disinfected F:\RECYCLER\NPROTECT\00258737.MOZ[.xiti.com/]
Spyware:Cookie/Xiti Not disinfected F:\RECYCLER\NPROTECT\00258742.MOZ[.xiti.com/]
Spyware:Cookie/adultfriendfinder Not disinfected F:\RECYCLER\NPROTECT\00258744.MOZ[.adultfriendfinder.com/]
Spyware:Cookie/Xiti Not disinfected F:\RECYCLER\NPROTECT\00258744.MOZ[.xiti.com/]
Spyware:Cookie/adultfriendfinder Not disinfected F:\RECYCLER\NPROTECT\00258752.MOZ[.adultfriendfinder.com/]
Spyware:Cookie/adultfriendfinder Not disinfected F:\RECYCLER\NPROTECT\00258757.MOZ[.adultfriendfinder.com/]
Spyware:Cookie/Xiti Not disinfected F:\RECYCLER\NPROTECT\00258757.MOZ[.xiti.com/]
Spyware:Cookie/Com.com Not disinfected F:\RECYCLER\NPROTECT\00258759.MOZ[.com.com/]
Spyware:Cookie/Com.com Not disinfected F:\RECYCLER\NPROTECT\00258762.MOZ[.com.com/]
Spyware:Cookie/Com.com Not disinfected F:\RECYCLER\NPROTECT\00258765.MOZ[.com.com/]
Spyware:Cookie/Com.com Not disinfected F:\RECYCLER\NPROTECT\00258776.MOZ[.com.com/]
Spyware:Cookie/Com.com Not disinfected F:\RECYCLER\NPROTECT\00258786.MOZ[.com.com/]
Spyware:Cookie/Com.com Not disinfected F:\RECYCLER\NPROTECT\00258794.MOZ[.com.com/]
Spyware:Cookie/Xiti Not disinfected F:\RECYCLER\NPROTECT\00258794.MOZ[.xiti.com/]
Spyware:Cookie/adultfriendfinder Not disinfected F:\RECYCLER\NPROTECT\00258847.MOZ[.adultfriendfinder.com/]
Spyware:Cookie/adultfriendfinder Not disinfected F:\RECYCLER\NPROTECT\00258849.MOZ[.adultfriendfinder.com/]
Spyware:Cookie/adultfriendfinder Not disinfected F:\RECYCLER\NPROTECT\00258868.MOZ[.adultfriendfinder.com/]
Spyware:Cookie/adultfriendfinder Not disinfected F:\RECYCLER\NPROTECT\00258894.MOZ[.adultfriendfinder.com/]
Spyware:Cookie/adultfriendfinder Not disinfected F:\RECYCLER\NPROTECT\00258903.MOZ[.adultfriendfinder.com/]
Spyware:Cookie/adultfriendfinder Not disinfected F:\RECYCLER\NPROTECT\00258908.MOZ[.adultfriendfinder.com/]
Spyware:Cookie/adultfriendfinder Not disinfected F:\RECYCLER\NPROTECT\00258910.MOZ[.adultfriendfinder.com/]
Spyware:Cookie/adultfriendfinder Not disinfected F:\RECYCLER\NPROTECT\00258912.MOZ[.adultfriendfinder.com/]
Spyware:Cookie/Xiti Not disinfected F:\RECYCLER\NPROTECT\00258954.MOZ[.xiti.com/]
Spyware:Cookie/Xiti Not disinfected F:\RECYCLER\NPROTECT\00258961.MOZ[.xiti.com/]
Spyware:Cookie/Xiti Not disinfected F:\RECYCLER\NPROTECT\00259267.MOZ[.xiti.com/]
Spyware:Cookie/Xiti Not disinfected F:\RECYCLER\NPROTECT\00259279.MOZ[.xiti.com/]
Spyware:Cookie/Com.com Not disinfected F:\RECYCLER\NPROTECT\00259353.MOZ[.com.com/]
Spyware:Cookie/Com.com Not disinfected F:\RECYCLER\NPROTECT\00259356.MOZ[.com.com/]
Spyware:Cookie/Com.com Not disinfected F:\RECYCLER\NPROTECT\00259360.MOZ[.com.com/]
Spyware:Cookie/Com.com Not disinfected F:\RECYCLER\NPROTECT\00259364.MOZ[.com.com/]
Spyware:Cookie/Com.com Not disinfected F:\RECYCLER\NPROTECT\00259367.MOZ[.com.com/]
Spyware:Cookie/Com.com Not disinfected F:\RECYCLER\NPROTECT\00259425.MOZ[.com.com/]
Spyware:Cookie/Com.com Not disinfected F:\RECYCLER\NPROTECT\00259438.MOZ[.com.com/]
Spyware:Cookie/Com.com Not disinfected F:\RECYCLER\NPROTECT\00259448.MOZ[.com.com/]
Spyware:Cookie/Com.com Not disinfected F:\RECYCLER\NPROTECT\00259450.MOZ[.com.com/]
Spyware:Cookie/Com.com Not disinfected F:\RECYCLER\NPROTECT\00259454.MOZ[.com.com/]
Virus:Bck/Prosti.B Disinfected F:\WINDOWS\svchost.exe

Thanks for all your help,
Silfo80

#8 rookie147

rookie147

  • Members
  • 5,321 posts

Posted 05 February 2008 - 03:25 PM

Please empty your Recycle Bin, then give me some information about how things seem to be running now.
Thanks,
Charles



#9 rookie147

rookie147

  • Members
  • 5,321 posts

Posted 14 February 2008 - 12:08 PM

Since this issue appears to be resolved, this topic is now closed.
If you need this topic reopened, please request this by sending me a Personal Message including a link to your thread.
This applies only to the original topic starter. Everyone else please begin a New Topic.





