
Windows Crashes After 30minutes


5 replies to this topic

#1 Phoenix87

Phoenix87

  • Members
  • 3 posts
  • Local time:03:34 PM

Posted 28 June 2006 - 01:45 AM

I had some trojan horses and adware. With Ad-Aware, Spy Sweeper and Sophos Antivirus I removed most of them, but Windows still crashes after 30 minutes or so of work. When I try to start something, messages like "Cannot initialize application" appear, and the icons in my start menu change and stop working.

HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 09:33:47, on 28.6.2006 г.
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\Explorer.EXE
C:\WINXP\system32\spoolsv.exe
C:\Program Files\Alias\Maya6.0\docs\Wrapper.exe
C:\Program Files\Alias\Maya6.0\docs\jre\bin\java.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINXP\system32\nvsvc32.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\WINXP\system32\tcpsvcs.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINXP\system32\dcomcfg.exe
C:\WINXP\Mixer.exe
C:\WINXP\system32\ctfmon.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\IntelligentWakeUp\IntelligentWakeUp.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.okbg.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Nothing - {5f4c3d09-b3b9-4f88-aa82-31332fee1c08} - C:\WINXP\system32\hp100.tmp
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINXP\system32\ctfmon.exe
O4 - Startup: BitComet.lnk = C:\Program Files\BitComet\BitComet.exe
O4 - Startup: IntelligentWakeUp.lnk = C:\Program Files\IntelligentWakeUp\IntelligentWakeUp.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: VC Poker - {40B2063F-DB01-4962-BE63-59435C01283C} - C:\GAMES\VCPOKE~1\client.exe
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Games\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Games\Titan Poker\casino.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Games\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Games\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=www.okbg.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.i-lookup.com
O15 - Trusted Zone: *.offshoreclicks.com
O15 - Trusted Zone: *.teensguru.com
O15 - Trusted Zone: *.xxxtoolbar.com
O20 - Winlogon Notify: cfgmngr32 - C:\WINXP\g20420533.dll
O20 - Winlogon Notify: winprb32 - C:\WINXP\SYSTEM32\winprb32.dll
O20 - Winlogon Notify: WRNotifier - C:\WINXP\SYSTEM32\WRLogonNTF.dll
O23 - Service: Alias Documentation Server (aliasdocserver) - Unknown owner - C:\Program Files\Alias\Maya6.0\docs\Wrapper.exe" -s "C:\Program Files\Alias\Maya6.0\docs/Wrapper.conf (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINXP\system32\nvsvc32.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe



#2 didom

didom

  • Members
  • 1,389 posts
  • Gender:Male
  • Local time:01:34 PM

Posted 28 June 2006 - 06:10 AM

Download: DelDomains.inf
  • Locate DelDomains.inf
  • Right-click and select "Install"
Download win32delfkil.exe.
Save it on your desktop.
Double click on win32delfkil.exe and install it. This creates a new folder on your desktop: win32delfkil.
Close all windows, open the win32delfkil folder and double click on fix.bat.
The computer will reboot automatically.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.
Don't use it yet.

Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
Clean your Cache and Cookies in Firefox (in case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.
Clean other Temporary files + Recycle bin:
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
Scan again with HijackThis and check the following items:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.okbg.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com

O2 - BHO: Nothing - {5f4c3d09-b3b9-4f88-aa82-31332fee1c08} - C:\WINXP\system32\hp100.tmp

O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.i-lookup.com
O15 - Trusted Zone: *.offshoreclicks.com
O15 - Trusted Zone: *.teensguru.com
O15 - Trusted Zone: *.xxxtoolbar.com

O20 - Winlogon Notify: cfgmngr32 - C:\WINXP\g20420533.dll
O20 - Winlogon Notify: winprb32 - C:\WINXP\SYSTEM32\winprb32.dll

After checking these items, close all browser windows except HijackThis and click "Fix checked".

Stay in Safe Mode and open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen with results from the cleaning process; you can close it - the file has already been saved.

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
Start HijackThis, perform a new scan and save the log file.

Finally, please post the contents of the text file that opened earlier (you can find it at C:\rapport.txt), the contents of the logfile c:\windelf.txt, along with a new HijackThis log and the contents of the ActiveScan report.

Warning: running option #2 on a non-infected computer will remove your Desktop background.

Edited by didom, 28 June 2006 - 06:11 AM.
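
One way to check what the "Fix checked" and cleanup steps above actually changed, as an added example (not part of the original posts and not a HijackThis feature): compare a log saved before the fix with one saved after it. The two sample logs are abridged from the HijackThis logs posted in this thread; the function names are this example's own.

```python
"""Compare two HijackThis logs (before/after a fix) and report what changed."""
import re

# Entry lines look like "O20 - Winlogon Notify: name - C:\path\file.dll".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

# Sample input: abridged from the logs in this thread.
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\dcomcfg.exe
C:\WINXP\Explorer.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
O2 - BHO: Nothing - {5f4c3d09-b3b9-4f88-aa82-31332fee1c08} - C:\WINXP\system32\hp100.tmp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINXP\system32\ctfmon.exe
O15 - Trusted Zone: *.flingstone.com
O20 - Winlogon Notify: cfgmngr32 - C:\WINXP\g20420533.dll
O20 - Winlogon Notify: WRNotifier - C:\WINXP\SYSTEM32\WRLogonNTF.dll
"""

AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINXP\system32\winlogon.exe
C:\WINXP\Explorer.EXE
C:\WINXP\TEMP\h91746.exe

O4 - HKLM\..\Run: [e070ef33.exe] C:\WINXP\system32\e070ef33.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINXP\system32\ctfmon.exe
O20 - Winlogon Notify: cfgmngr32 - C:\WINXP\g11931556.dll
O20 - Winlogon Notify: WRNotifier - C:\WINXP\SYSTEM32\WRLogonNTF.dll
"""


def split_entry(code, body):
    """Split an entry body into (name, target) so a renamed file is visible."""
    if code == "O4" and "] " in body:      # Run: [value name] command line
        name, target = body.split("] ", 1)
        return name + "]", target
    if " - " in body:                      # ... name - file or URL
        name, target = body.rsplit(" - ", 1)
        return name, target
    if " = " in body:                      # registry value = data
        name, target = body.split(" = ", 1)
        return name, target
    return body, ""                        # e.g. O15 Trusted Zone lines


def parse_log(text):
    """Return (set of running processes, {(code, name): set of targets})."""
    processes, entries = set(), {}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False           # the first entry ends the process list
            code = match.group(1)
            name, target = split_entry(code, match.group(2))
            # Windows paths are case-insensitive, so compare them lowercased.
            entries.setdefault((code, name), set()).add(target.lower())
        elif in_processes and line:
            processes.add(line.lower())
    return processes, entries


def diff_logs(before, after):
    """Classify entries as removed, added, or kept under the same name with a new target."""
    b_proc, b_ent = parse_log(before)
    a_proc, a_ent = parse_log(after)
    return {
        "removed": sorted(k for k in b_ent if k not in a_ent),
        "added": sorted(k for k in a_ent if k not in b_ent),
        "retargeted": sorted(
            (k, sorted(b_ent[k]), sorted(a_ent[k]))
            for k in b_ent
            if k in a_ent and b_ent[k] != a_ent[k]
        ),
        "new_processes": sorted(a_proc - b_proc),
    }


if __name__ == "__main__":
    for section, items in diff_logs(BEFORE, AFTER).items():
        print(section)
        for item in items:
            print("   ", item)
```

The "retargeted" list is the one to read first: an entry that keeps its name but points at a different file after the fix was re-registered under a new file name rather than removed.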


#3 Phoenix87

Phoenix87
  • Topic Starter

  • Members
  • 3 posts
  • Local time:03:34 PM

Posted 28 June 2006 - 11:11 AM

Thanks a lot. I think that the problem with windows crashing is solved, but Panda ActiveScan showed tons of other spyware. Maybe tomorrow I will format because all these scans take too much time and with format it will be quicker. Here are the logfiles:

SmitFraudFix v2.65

Scan done at 15:12:51,05, 28.06.2006 Ј.
Run from C:\Downloads\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{7916f057-223f-4612-ac84-e882cbe043d4}"="bals"

[HKEY_CLASSES_ROOT\CLSID\{7916f057-223f-4612-ac84-e882cbe043d4}\InProcServer32]
@="C:\WINXP\system32\hvcycg.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{7916f057-223f-4612-ac84-e882cbe043d4}\InProcServer32]
@="C:\WINXP\system32\hvcycg.dll"


Killing process


Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINXP\system32\hvcycg.dll -> Missing File


Deleting infected files

C:\WINXP\system32\dcomcfg.exe Deleted
C:\WINXP\system32\ld????.tmp Deleted
C:\WINXP\system32\ot.ico Deleted
C:\WINXP\system32\regperf.exe Deleted
C:\WINXP\system32\simpole.tlb Deleted
C:\WINXP\system32\stdole3.tlb Deleted
C:\WINXP\system32\ts.ico Deleted
C:\WINXP\system32\1024\ Deleted
C:\DOCUME~1\ADMINI~1\FAVORI~1\Antivirus Test Online.url Deleted

Deleting Temp Files


Registry Cleaning

Registry Cleaning done.

After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


End



************************
* WIN32DELFKIL LOGFILE *
************************
by Marckie


BEFORE RUNNING WIN32DELFKIL
***************************

File(s) found in Windows directory
----------------------------------
g3405216.dll
g4562740.dll
g14370153.dll
g20420533.dll
compstuic.dll

File(s) found in system32 folder
--------------------------------

Export SharedTaskScheduler key
------------------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{259BA022-2005-45E9-A965-10EDB9C00605}"="Windows Updater"
"{7916f057-223f-4612-ac84-e882cbe043d4}"="bals"


sharedtaskkey: 259BA022-2005-45E9-A965-10EDB9C00605
---------------------------------------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{259BA022-2005-45E9-A965-10EDB9C00605}]
@="C:\\WINXP\\g20420533.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{259BA022-2005-45E9-A965-10EDB9C00605}\InprocServer32]
@="C:\\WINXP\\g20420533.dll"
"ThreadingModel"="Apartment"


sharedtaskkey: 7916f057-223f-4612-ac84-e882cbe043d4
---------------------------------------------------
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{7916f057-223f-4612-ac84-e882cbe043d4}]

[HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{7916f057-223f-4612-ac84-e882cbe043d4}\InProcServer32]
@="C:\\WINXP\\system32\\hvcycg.dll"
"ThreadingModel"="Apartment"



Notify key
----------
subkey cfgmngr32 is present!



AFTER RUNNING WIN32DELFKIL
**************************

File(s) found in Windows directory
----------------------------------
g3405216.dll
g4562740.dll
g14370153.dll
g20420533.dll

File(s) found in system32 folder
--------------------------------
Export SharedTaskScheduler key
------------------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{7916f057-223f-4612-ac84-e882cbe043d4}"="bals"


sharedtaskkey: 7916f057-223f-4612-ac84-e882cbe043d4
---------------------------------------------------
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{7916f057-223f-4612-ac84-e882cbe043d4}]

[HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{7916f057-223f-4612-ac84-e882cbe043d4}\InProcServer32]
@="C:\\WINXP\\system32\\hvcycg.dll"
"ThreadingModel"="Apartment"



Notify key
----------


Logfile of HijackThis v1.99.1
Scan saved at 19:07:27, on 28.6.2006 г.
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\Explorer.EXE
C:\WINXP\system32\spoolsv.exe
C:\Program Files\Alias\Maya6.0\docs\Wrapper.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alias\Maya6.0\docs\jre\bin\java.exe
C:\WINXP\system32\nvsvc32.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\WINXP\system32\tcpsvcs.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINXP\Mixer.exe
C:\WINXP\system32\ctfmon.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\IntelligentWakeUp\IntelligentWakeUp.exe
C:\Program Files\Opera\Opera.exe
C:\WINXP\system32\regsvr32.exe
C:\WINXP\TEMP\h91746.exe
C:\WINXP\system32\regsvr32.exe
C:\WINXP\system32\regsvr32.exe
C:\WINXP\system32\regsvr32.exe
C:\WINXP\TEMP\win62A.tmp.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [e070ef33.exe] C:\WINXP\system32\e070ef33.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINXP\system32\ctfmon.exe
O4 - HKCU\..\Run: [e070ef33.exe] C:\Documents and Settings\Administrator\Local Settings\Application Data\e070ef33.exe
O4 - Startup: BitComet.lnk = C:\Program Files\BitComet\BitComet.exe
O4 - Startup: IntelligentWakeUp.lnk = C:\Program Files\IntelligentWakeUp\IntelligentWakeUp.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: VC Poker - {40B2063F-DB01-4962-BE63-59435C01283C} - C:\GAMES\VCPOKE~1\client.exe
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Games\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Games\Titan Poker\casino.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Games\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Games\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=www.okbg.net
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgBG2404.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: cfgmngr32 - C:\WINXP\g11931556.dll
O20 - Winlogon Notify: winprb32 - C:\WINXP\SYSTEM32\winprb32.dll
O20 - Winlogon Notify: WRNotifier - C:\WINXP\SYSTEM32\WRLogonNTF.dll
O23 - Service: Alias Documentation Server (aliasdocserver) - Unknown owner - C:\Program Files\Alias\Maya6.0\docs\Wrapper.exe" -s "C:\Program Files\Alias\Maya6.0\docs/Wrapper.conf (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINXP\system32\nvsvc32.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe


Panda ActiveScan (I stopped it when it began scanning d:\ because 2-3 hours had passed)

Incident Status Location

Adware:Adware/SystemDoctor Not disinfected c:\winxp\system32\e070ef33.exe
Adware:Adware/Miamore Not disinfected C:\WINXP\g2073141.dll
Potentially unwanted tool:Application/SystemDoctor2006 Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WPMN4DA3\SystemDoctor2006FreeInstall[1].exe
Adware:Adware/SystemDoctor Not disinfected C:\WINXP\TEMP\h91746.exe
Adware:Adware/CWS Not disinfected C:\WINXP\g801011.dll
Adware:Adware/PurityScan Not disinfected C:\WINXP\system32\winprb32.dll
Adware:adware/ist.istbar Not disinfected Windows Registry
Adware:adware/miamore Not disinfected Windows Registry
Adware:adware/cws Not disinfected Windows Registry
Adware:adware/winres Not disinfected Windows Registry
Adware:adware/ncase Not disinfected Windows Registry
Adware:adware/morwillsearch Not disinfected Windows Registry
Potentially unwanted tool:Application/Processor Not disinfected C:\Downloads\smitRem.exe[smitRem/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Downloads\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Downloads\win32delfkil\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Downloads\SmitfraudFix\Process.exe
Virus:Trj/Spammer.BA Disinfected C:\WINXP\system32\adl.exe
Virus:Trj/Spammer.BA Disinfected C:\WINXP\system32\d39b8d14.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\WINXP\system32\Process.exe
Adware:Adware/Miamore Not disinfected C:\WINXP\g3405216.dll
Adware:Adware/CWS Not disinfected C:\WINXP\g4562740.dll
Adware:Adware/Miamore Not disinfected C:\WINXP\g14370153.dll
Adware:Adware/Miamore Not disinfected C:\WINXP\g20420533.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINXP\temp\win85.tmp
Adware:Adware/SystemDoctor Not disinfected C:\WINXP\temp\win62A.tmp.exe
Adware:Adware/SystemDoctor Not disinfected C:\WINXP\temp\win76E.tmp.exe
Adware:Adware/SystemDoctor Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\XOGFHH0T\srvlun[1].exe
Adware:Adware/SystemDoctor Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\XOGFHH0T\srvqis[1].exe
Adware:Adware/SystemDoctor Not disinfected C:\Documents and Settings\Administrator\Local Settings\Application Data\e070ef33.exe
Virus:Trj/Spammer.BA Disinfected C:\Documents and Settings\Administrator\Local Settings\Application Data\d39b8d14.exe
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@winfixer[1].txt
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mcwcr28y.default\cookies.txt[counter.hitslink.com/]
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mcwcr28y.default\cookies.txt[.counter.hitslink.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mcwcr28y.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mcwcr28y.default\cookies.txt[.fe.lea.lycos.fr/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mcwcr28y.default\cookies.txt[.servedby.advertising.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mcwcr28y.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mcwcr28y.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mcwcr28y.default\cookies.txt[.ad.yieldmanager.com/]
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mcwcr28y.default\cookies.txt[.bfast.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mcwcr28y.default\cookies.txt[.microsofteup.112.2o7.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mcwcr28y.default\cookies.txt[.server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mcwcr28y.default\cookies.txt[.server.iad.liveperson.net/hc/34292599]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mcwcr28y.default\cookies.txt[.ad.yieldmanager.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mcwcr28y.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mcwcr28y.default\cookies.txt[.ccbill.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mcwcr28y.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Qsrch Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mcwcr28y.default\cookies.txt[.qsrch.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mcwcr28y.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mcwcr28y.default\cookies.txt[.landing.domainsponsor.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mcwcr28y.default\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mcwcr28y.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mcwcr28y.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mcwcr28y.default\cookies.txt[.tribalfusion.com/]

#4 didom


Posted 28 June 2006 - 01:16 PM

Maybe tomorrow I will format because all these scans take too much time and with format it will be quicker.

The problem with these infections nowadays is that they cause a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.

So if you know how to format properly, I would agree with that!

#5 Phoenix87


Posted 29 June 2006 - 12:53 AM

Formatted and everything is fine :thumbsup:

#6 didom


Posted 29 June 2006 - 05:11 AM

Good job!

This log looks clean!
  • Don't forget to re-hide all files and folders. To re-hide all files and folders:
    • Open My Computer.
    • Select the Tools menu and click Folder Options.
    • Select the View Tab.
    • Under the Hidden files and folders heading deselect "Show hidden files and folders".
    • Check the Hide protected operating system files (recommended) option.
    • Click Yes to confirm.
    • Click OK.
  • This is a good time to set up protection against further attacks. Read the article behind this link "How did I get infected". If you don't already have them, you need an antivirus that is updated, a good firewall (for example Kerio Personal Firewall or ZoneLabs Zone Alarm), a spyware blocker like SpywareBlaster and also IE-Spyads, and spyware detection (Ad-aware SE and SpyBot S+D). All of these have good free versions available. Be very cautious about any security software that advertises in popups or other intrusive ways; such programs are not only usually useless, but also often have malware in them.

    Instead of Internet Explorer, use a different browser like Opera, Mozilla or Firefox.

    Last, but not least, you need to keep Windows and Internet Explorer up to date by getting all the latest security patches that protect your computer.

    This can be accessed by going to http://windowsupdate.microsoft.com and following the prompts. If you are running Windows XP make sure you get updated to SP-2!!

    Please post back if you are still having any problems....





