
Cpu Usage By Svchost And Explorer.exe


10 replies to this topic

#1 WIS

WIS


Posted 23 September 2006 - 02:45 AM

A while ago, my computer decided to freeze every now and then, and I figured out that svchost.exe sometimes uses near max of my CPU (it has never done so before). But now, it's mostly the problem that explorer.exe will suddenly end, and then it'll start up again, but this time taking near max of CPU.

Also, sometimes I see IEXPLORER.exe when I CTRL+SHIFT+DEL. I use Firefox, and I would rarely have Internet Explorer open. The few times that I do, I get bombarded with popups upon initiation.

Help is very much appreciated.


-----------------------------------------


Logfile of HijackThis v1.99.1
Scan saved at 0:37:23, on 2006-9-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Common Files\{584614C8-0216-2052-0731-000505200056}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\u\Desktop\jytdj\HijackThis\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\u\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe



#2 Mr_JAk3

Mr_JAk3

    HJT Team Member



Posted 23 September 2006 - 06:34 AM

Hi WIS, you got some infections.

Create a new folder on your desktop and name it HijackThis. Move HijackThis.exe into that folder.
Please rename HijackThis.exe to Scanner.exe

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply along with a fresh HijackThis (scanner.exe) log.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

NOTE: Do not run any other options from SmitfraudFix until I tell you to do so!
UNITE & ASAP member since 2006

#3 WIS

WIS

Posted 23 September 2006 - 02:58 PM

SmitFraudFix v2.99

Scan done at 12:55:42.48, 2006-09-23 星期六
Run from C:\Documents and Settings\u\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

换换换换换换换换换换换换 C:\


换换换换换换换换换换换换 C:\WINDOWS


换换换换换换换换换换换换 C:\WINDOWS\system


换换换换换换换换换换换换 C:\WINDOWS\Web


换换换换换换换换换换换换 C:\WINDOWS\system32

C:\WINDOWS\system32\ot.ico FOUND !

换换换换换换换换换换换换 C:\Documents and Settings\u\Application Data


换换换换换换换换换换换换 Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

换换换换换换换换换换换换 C:\DOCUME~1\u\FAVORI~1

C:\DOCUME~1\u\FAVORI~1\Antivirus Test Online.url FOUND !

换换换换换换换换换换换换 Desktop


换换换换换换换换换换换换 C:\Program Files

C:\Program Files\Safety Bar\ FOUND !

换换换换换换换换换换换换 Corrupted keys


换换换换换换换换换换换换 Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


换换换换换换换换换换换换 Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}"



换换换换换换换换换换换换 AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="MsgPlusLoader.dll"


换换换换换换换换换换换换 pe386-msguard-lzx32


换换换换换换换换换换换换 Scanning wininet.dll infection


换换换换换换换换换换换换 End


----


Fresh HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 12:57:18, on 2006-9-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Common Files\{584614C8-0216-2052-0731-000505200056}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\conime.exe
C:\Documents and Settings\u\Desktop\HijackThis\Scanner.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {A67F78D4-15E2-40E2-B6A6-D56AFD7268F9} - C:\WINDOWS\system32\oppoo.dll
O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINDOWS\system32\lmykyecx.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\u\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: oppoo - C:\WINDOWS\system32\oppoo.dll
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

#4 Mr_JAk3

Mr_JAk3

    HJT Team Member



Posted 24 September 2006 - 01:41 AM

Hi again, we'll continue :thumbsup:

Do not use BitComet during the cleaning process.

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Next, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Please post the contents of C:\vundofix.txt and a new HiJackThis log too.

Warning: running option #2 on a non-infected computer will remove your Desktop background.
UNITE & ASAP member since 2006

#5 WIS

WIS

Posted 24 September 2006 - 04:15 AM

Rapport.txt

SmitFraudFix v2.99

Scan done at 2:05:18.88, 2006-09-24 星期日
Run from C:\Documents and Settings\u\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

换换换换换换换换换换换换 Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}"


换换换换换换换换换换换换 Killing process


换换换换换换换换换换换换 Generic Renos Fix

GenericRenosFix by S!Ri


换换换换换换换换换换换换 Deleting infected files

C:\WINDOWS\system32\ot.ico Deleted
C:\DOCUME~1\u\FAVORI~1\Antivirus Test Online.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
C:\Program Files\Safety Bar\ Deleted

换换换换换换换换换换换换 Deleting Temp Files


换换换换换换换换换换换换 Registry Cleaning

Registry Cleaning done.

换换换换换换换换换换换换 After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


换换换换换换换换换换换换 End



Vundofix.txt

VundoFix V6.1.6

Checking Java version...

Java version is 1.5.0.4

Scan started at 0:30:31 2006-9-24

Listing files found while scanning....

C:\WINDOWS\system32\awtstsp.dll
C:\WINDOWS\system32\lmykyecx.dll
C:\WINDOWS\system32\oppoo.dll
C:\WINDOWS\system32\ooppo.ini
C:\WINDOWS\system32\ooppo.bak1
C:\WINDOWS\system32\ooppo.bak2
C:\WINDOWS\system32\ooppo.ini2
C:\WINDOWS\system32\ooppo.tmp
C:\WINDOWS\system32\ayfnyroi.exe
C:\WINDOWS\system32\hpmubhkw.exe
C:\WINDOWS\system32\qguegnte.exe
C:\WINDOWS\system32\Drivers\DP.sys

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awtstsp.dll
C:\WINDOWS\system32\awtstsp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\lmykyecx.dll
C:\WINDOWS\system32\lmykyecx.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\oppoo.dll
C:\WINDOWS\system32\oppoo.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ooppo.ini
C:\WINDOWS\system32\ooppo.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ooppo.bak1
C:\WINDOWS\system32\ooppo.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ooppo.bak2
C:\WINDOWS\system32\ooppo.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ooppo.ini2
C:\WINDOWS\system32\ooppo.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ooppo.tmp
C:\WINDOWS\system32\ooppo.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\ayfnyroi.exe
C:\WINDOWS\system32\ayfnyroi.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\hpmubhkw.exe
C:\WINDOWS\system32\hpmubhkw.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\qguegnte.exe
C:\WINDOWS\system32\qguegnte.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\Drivers\DP.sys
C:\WINDOWS\system32\Drivers\DP.sys Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.1.6

Checking Java version...

Java version is 1.5.0.4

Scan started at 1:48:08 2006-9-24

Listing files found while scanning....

C:\WINDOWS\system32\lmykyecx.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\lmykyecx.dll
C:\WINDOWS\system32\lmykyecx.dll Has been deleted!

Performing Repairs to the registry.
Done!


Hijackthis Log

Logfile of HijackThis v1.99.1
Scan saved at 2:14:02, on 2006-9-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Common Files\{584614C8-0216-2052-0731-000505200056}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\u\Desktop\jytdj\HijackThis\Scanner.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {A67F78D4-15E2-40E2-B6A6-D56AFD7268F9} - C:\WINDOWS\system32\oppoo.dll (file missing)
O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINDOWS\system32\lmykyecx.dll (file missing)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\u\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe


Thanks for all your time. :thumbsup:

#6 Mr_JAk3

Mr_JAk3

    HJT Team Member



Posted 24 September 2006 - 08:22 AM

Hi again, we'll continue

You should print these instructions or save these to a text file. Follow these instructions carefully.

Download and install ewido anti-spyware 4.0
  • Open ewido anti-spyware
  • Click on the Update icon at the top of the window
    • Click on the Start update button
    • Wait for the update to download and install
  • Click Guard
  • Click under "resident shield is"
  • Change it from active to inactive
  • Quit the program, we'll use this later.
Download ATF Cleaner by Atribune to your desktop.
Do NOT run yet.

Stop the following processes using Task Manager (press ctrl+alt+del, select the Processes tab, highlight the first process in the list and click End Process). Continue through the list (one at a time) until all processes have been ended. If something isn't found, please continue with the next process in the list.

Update.exe

Then, download this file - combofix.exe
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Please save this log to your desktop.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Run HijackThis, click Do a system scan only, and check the box next to each of these entries if still present. Close all other windows and press Fix checked. If something isn't there, please continue with the next entry in the list.

O2 - BHO: (no name) - {A67F78D4-15E2-40E2-B6A6-D56AFD7268F9} - C:\WINDOWS\system32\oppoo.dll (file missing)
O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINDOWS\system32\lmykyecx.dll (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O15 - Trusted Zone: http://locator.cdn.imageservr.com

Restart your computer to the safe mode:
  • Restart your computer
  • Start tapping the F8 key when the computer restarts.
  • When the start menu opens, choose Safe mode
  • Press Enter. The computer then begins to start in Safe mode.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

NOTE: The following will clear all of your cookies, forms and history from Firefox. Feel free to skip this step.
If you use the Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
NOTE: The following will clear all of your cookies, forms and history from Opera. Feel free to skip this step.
If you use the Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now scan your computer with Ewido.
  • Open Ewido
  • Click on the Scanner icon at the top of the window
  • Click on the Settings tab then select Recommended Options and choose Quarantine
  • Click on the Scan tab
  • Select Complete System Scan. Ewido will now begin to scan your system
  • When the scan has completed, if infections were found, press Apply all actions.
  • Then click on the Save Scan Report button and save the scan to your Desktop where it can be easily found
  • Copy and paste the scan results into your next post.
When you're ready, post the following logs here:
- Ewido's report
- a fresh HijackThis log
- combofix log
UNITE & ASAP member since 2006
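
Added example, not part of the thread and not code from HijackThis or any poster: a small Python triage helper for the HijackThis logs above. It parses entry lines, compares two scans, and flags entries that HijackThis itself marks `(file missing)` or `(no file)`; the sample logs are excerpts constructed from the logs in posts #1, #3 and #5, and all function names are this example's own.

```python
import re

# HijackThis entry lines start with a section code such as "O2" or "F2".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Suffix HijackThis appends when the referenced file is absent.
ORPHAN_RE = re.compile(r"\s*\((?:file missing|no file)\)\s*$")

# Constructed excerpts of the three logs in the thread (posts #1, #3, #5).
LOG_POST1 = r"""
Running processes:
C:\WINDOWS\explorer.exe
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O20 - AppInit_DLLs: MsgPlusLoader.dll
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
"""

LOG_POST3 = r"""
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {A67F78D4-15E2-40E2-B6A6-D56AFD7268F9} - C:\WINDOWS\system32\oppoo.dll
O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINDOWS\system32\lmykyecx.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: oppoo - C:\WINDOWS\system32\oppoo.dll
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
"""

LOG_POST5 = r"""
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {A67F78D4-15E2-40E2-B6A6-D56AFD7268F9} - C:\WINDOWS\system32\oppoo.dll (file missing)
O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINDOWS\system32\lmykyecx.dll (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O20 - AppInit_DLLs: MsgPlusLoader.dll
"""


def parse_entries(log_text):
    """Return (section_code, text) for every entry line; the header and
    the 'Running processes' paths do not match and are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def identity(entry):
    """Key that ignores the orphan suffix, so an entry whose file was
    deleted between scans still counts as the same entry."""
    code, text = entry
    return code, ORPHAN_RE.sub("", text).rstrip(" -")


def diff(before, after):
    """Entries in `after` that have no counterpart in `before`."""
    seen = {identity(e) for e in before}
    return [e for e in after if identity(e) not in seen]


def orphaned(entries):
    """Entries still registered although their file is gone."""
    return [e for e in entries if ORPHAN_RE.search(e[1])]


if __name__ == "__main__":
    first = parse_entries(LOG_POST1)
    renamed = parse_entries(LOG_POST3)
    cleaned = parse_entries(LOG_POST5)

    print("Appeared between post #1 and post #3:")
    for code, text in diff(first, renamed):
        print(f"  {code} - {text}")

    print("Gone after the cleanup tools ran (post #3 -> post #5):")
    for code, text in diff(cleaned, renamed):
        print(f"  {code} - {text}")

    print("Orphaned registrations left in post #5 (review before fixing):")
    for code, text in orphaned(cleaned):
        print(f"  {code} - {text}")
```

On these excerpts the orphaned entries are the O2 and O3 lines that post #6 asks to fix. The full logs also carry `(file missing)` entries that post #6 does not list, so the flag is a prompt for review rather than a removal list.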

#7 WIS

WIS

Posted 25 September 2006 - 05:30 PM

Ewido -

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:25:15 2006-9-25

+ Scan result:



HKU\S-1-5-21-1801674531-920026266-842925246-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA356D79-679B-4B4C-8E49-5AF97014F4C1} -> Adware.Starware : Cleaned with backup (quarantined).
C:\WINDOWS\system32\gyvgqyhb.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Cleaned with backup (quarantined).
:mozilla.467:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
:mozilla.111:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.112:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.113:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.114:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.115:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.116:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.117:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.118:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.119:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.120:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.121:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.122:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.123:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.124:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.125:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.126:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.127:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.128:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.129:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.130:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.131:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.132:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.133:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.134:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.135:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.136:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.137:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.138:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.139:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.140:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.141:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.142:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.143:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.144:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.145:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.146:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.147:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.148:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.149:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.150:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.151:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.152:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.153:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.154:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.155:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.156:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.157:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.158:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.159:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.160:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.598:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.679:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.685:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.464:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.465:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.466:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.558:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.559:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.839:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.840:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.841:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.842:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.161:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.163:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.164:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.165:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.166:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.182:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.174:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
:mozilla.175:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
:mozilla.179:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
:mozilla.180:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
:mozilla.171:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.172:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.173:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.181:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.342:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.343:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.107:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.810:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Enhance : Cleaned with backup (quarantined).
:mozilla.198:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.199:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.200:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.201:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.577:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.578:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.579:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.580:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.162:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.167:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.168:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.169:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.170:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.811:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Goclick : Cleaned with backup (quarantined).
:mozilla.812:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Goclick : Cleaned with backup (quarantined).
:mozilla.265:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
:mozilla.233:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.234:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.560:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.561:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.562:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.563:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.410:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
:mozilla.414:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
:mozilla.238:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.239:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.430:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.431:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.432:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.433:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.434:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.435:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.502:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.503:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.504:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.505:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.506:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.507:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.508:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.509:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.510:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.511:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.512:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.513:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.514:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.515:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.516:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.517:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.518:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.519:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.520:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.521:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.522:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.523:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.524:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.525:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.526:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.527:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.528:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.529:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.530:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.531:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.532:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.533:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.534:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.535:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.536:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.537:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.538:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.539:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.540:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.541:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.542:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.543:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.544:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.545:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.546:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.547:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.548:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.549:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.550:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.551:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.176:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.177:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.178:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.804:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.772:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.773:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.774:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.775:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.776:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.777:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.276:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Trafic : Cleaned with backup (quarantined).
:mozilla.194:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.195:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.196:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.197:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.285:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.783:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
:mozilla.784:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
:mozilla.555:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.278:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.279:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.280:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.281:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.282:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.283:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.284:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.235:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.236:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.237:C:\Documents and Settings\u\Application Data\Mozilla\Firefox\Profiles\b94rnx9x.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).


::Report end



Combofix -

u - 06-09-25 0:33:28.15 Service Pack 2
ComboFix 06.09.25 - Running from: "C:\Documents and Settings\u\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\components
C:\Program Files\Common Files\{584614C8-0216-2052-0731-000505200056}


((((((((((((((((((((((((((((((( Files Created from 2006-08-25 to 2006-09-25 ))))))))))))))))))))))))))))))))))


2006-09-23 13:53 45,525 --a------ C:\WINDOWS\system32\jktqxjuj.dll
2006-09-18 08:20 40,980 --a------ C:\WINDOWS\system32\jtkyosrr.exe
2006-08-31 22:48 2,560 --a------ C:\WINDOWS\system32\BitCometRes.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-25 00:35 -------- d-------- C:\Program Files\Common Files
2006-09-25 00:31 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-09-25 00:10 -------- d-------- C:\Program Files\Mozilla Firefox
2006-09-22 23:11 -------- d-------- C:\Program Files\BitComet
2006-09-22 08:27 -------- d-------- C:\Program Files\Norton AntiVirus
2006-09-22 08:24 -------- d-------- C:\Program Files\Symantec
2006-09-22 08:23 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-09-21 23:54 76560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2006-09-21 23:36 -------- d-------- C:\Program Files\shanda
2006-09-21 23:35 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-21 23:31 -------- d-------- C:\Program Files\abcMover
2006-09-15 22:52 91904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-09-15 22:52 124016 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-09-15 16:35 -------- d-------- C:\Program Files\AIM
2006-09-04 22:48 -------- d-------- C:\Program Files\LimeWire
2006-09-04 22:36 -------- d-------- C:\Program Files\Opera
2006-09-04 22:36 -------- d-------- C:\Program Files\Messenger
2006-09-04 22:36 -------- d-------- C:\Program Files\MagicISO
2006-09-04 22:36 -------- d-------- C:\Program Files\LD-Anime
2006-08-31 15:55 -------- d-------- C:\Documents and Settings\u\Application Data\IMVU
2006-08-30 12:55 -------- d-------- C:\Program Files\e-Games
2006-08-29 00:36 -------- d-------- C:\Program Files\Neopets
2006-08-29 00:36 -------- d-------- C:\Documents and Settings\u\Application Data\Neopets Toolbar
2006-08-21 12:23 13844 --a------ C:\WINDOWS\system32\gyvgqyhb.exe
2006-08-20 17:43 -------- d-------- C:\Program Files\MessengerPlus! 3
2006-08-12 03:04 -------- d-------- C:\Program Files\Internet Explorer
2006-08-11 23:05 -------- d---s---- C:\Documents and Settings\u\Application Data\Microsoft
2006-08-11 23:04 -------- d-------- C:\Program Files\MSN Messenger
2006-08-10 13:36 -------- d-------- C:\Program Files\tencent
2006-08-07 12:07 -------- d-------- C:\Program Files\Alwil Software
2006-08-07 09:25 -------- d-------- C:\Program Files\WinRAR
2006-08-07 09:25 -------- d-------- C:\Program Files\SmartFTP Client 2.0
2006-08-06 16:42 -------- d-------- C:\Documents and Settings\u\Application Data\Lavasoft
2006-08-06 16:41 -------- d-------- C:\Program Files\Lavasoft
2006-07-27 06:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-26 16:06 -------- d-------- C:\Program Files\Stardock
2006-07-21 01:24 72704 --a------ C:\WINDOWS\system32\hlink.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\""
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office\\OSA9.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Symantec Fax Starter Edition Port.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Symantec Fax Starter Edition Port.lnk"
"backup"="C:\\WINDOWS\\pss\\Symantec Fax Starter Edition Port.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office\\1033\\OLFSNT40.EXE "
"item"="Symantec Fax Starter Edition Port"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^u^Start Menu^Programs^Startup^abcMover1.3.lnk]
"path"="C:\\Documents and Settings\\u\\Start Menu\\Programs\\Startup\\abcMover1.3.lnk"
"backup"="C:\\WINDOWS\\pss\\abcMover1.3.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\abcMover\\abcMov13.exe /m"
"item"="abcMover1.3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^u^Start Menu^Programs^Startup^Adobe Gamma.lnk]
"path"="C:\\Documents and Settings\\u\\Start Menu\\Programs\\Startup\\Adobe Gamma.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\adobemgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="adobemgr"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\adobemgr.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AIM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="aim"
"hkey"="HKCU"
"command"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ccRegVfy]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccRegVfy"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\DAEMON Tools-1033]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\IMJPMIG8.1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IMJPMIG"
"hkey"="HKLM"
"command"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MessengerPlus3]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsgPlus"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\msnmsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MSPY2002]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ImScInst"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PHIME2002A]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TINTSETP"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PHIME2002ASync]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TINTSETP"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SpySweeper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SpySweeper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeper.exe\" /startintray"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_04\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Completion time: Mon 2006-09-25 0:36:34.93
ComboFix.txt


Edited by WIS, 25 September 2006 - 06:37 PM.


#8 WIS


Posted 25 September 2006 - 06:38 PM

Sorry, my last post kept on cutting off my hijackthis log.

Logfile of HijackThis v1.99.1
Scan saved at 15:28:38, on 2006-9-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\u\Desktop\jytdj\HijackThis\Scanner.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\u\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

#9 Mr_JAk3

Mr_JAk3

    HJT Team Member


  • Members
  • 527 posts
  • OFFLINE
  •  
  • Location:Finland
  • Local time:07:30 PM

Posted 25 September 2006 - 11:05 PM

Ok looks quite good... :thumbsup:

Make your hidden files visible:
  • Go to My Computer
  • Select the Tools menu and click Folder Options
  • Click the View tab.
  • Checkmark "Display the contents of system folders"
  • Under Hidden files and folders, select "Show hidden files and folders"
  • Uncheck "Hide protected operating system files"
  • Click Apply, then OK, and close My Computer.
Go to My Computer and delete the following files (if present):
C:\WINDOWS\system32\jktqxjuj.dll
C:\WINDOWS\system32\jtkyosrr.exe

Then you should update your Java to the latest version (5.0 update 8)
  • Start
  • Control Panel
  • Add/Remove Programs
  • Delete the old Java, J2SE Runtime Environment 5.0 Update 6
  • Then we'll get the latest version of Java -> LINK
  • Scroll down to Java Runtime Environment (JRE) 5.0 Update 8
  • Download & install it
Then you seem to have disabled some of Norton's startup entries with MSConfig.
This is not recommended since it may lower Norton's protection. You should enable these entries again.

Please let me know how the computer is running :flowers:
UNITE & ASAP member since 2006
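The remark above about Norton startup entries disabled with MSConfig can be checked from the `MSCONFIG\Startupreg` and `MSCONFIG\Startupfolder` keys in the ComboFix "Reg Loading Points" dump. The following is an added example, not part of the original posts: the function names and the vendor marker list are assumptions made for illustration, and the sample is constructed from a few keys of that dump.

```python
import re

# Constructed sample: a few keys copied from the ComboFix dump in this thread.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ccApp]
"command"="C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\iTunesHelper]
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^u^Start Menu^Programs^Startup^Adobe Gamma.lnk]
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')  # string values only; dword lines are skipped
MSCONFIG_RE = re.compile(r'\\MSCONFIG\\(Startupreg|Startupfolder)\\(.+)$', re.I)
# Assumption: path fragments of security products seen in this log, not a complete list.
SECURITY_MARKERS = ("symantec", "symant~", "norton", "webroot", "ewido")

def parse_reg_dump(text):
    """Return {key_path: {value_name: string}}, undoing .reg escapes (\\\\ and \\")."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            current[m.group(1)] = re.sub(r'\\(.)', r'\1', m.group(2))
    return keys

def disabled_startup_entries(keys):
    """Entries MSConfig parked under Startupreg/Startupfolder, i.e. disabled.
    Startupfolder key names encode the .lnk path with ^ in place of backslash."""
    out = []
    for path, values in keys.items():
        m = MSCONFIG_RE.search(path)
        if m and "command" in values:
            out.append({"kind": m.group(1).lower(),
                        "name": m.group(2).replace("^", "\\"),
                        "command": values["command"].strip()})
    return out

def disabled_security_entries(entries, markers=SECURITY_MARKERS):
    """Subset whose command line points into a security product's folder."""
    return [e for e in entries if any(mk in e["command"].lower() for mk in markers)]
```

Run over the full "Reg Loading Points" section posted in this thread, the same check reports the ccApp, ccRegVfy and SpySweeper entries as disabled.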

#10 WIS


Posted 26 September 2006 - 01:30 AM

Thank you so much, Mr Jak! :D

My system runs much smoother now. :thumbsup: Of course, that isn't saying much because I have a Celeron 533 MHz, but thanks a bunch anyways. :flowers:

#11 Mr_JAk3


Posted 26 September 2006 - 11:42 AM

Ok good, you're clean now :thumbsup:

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Clear your system restore
    This will clear the system restore folders from possible malware that was left behind during the cleaning process.
  • Use ATF Cleaner
    Download and install ATF Cleaner. Clean your temporary files & folders with it regularly.
  • Use Ad-Aware
    Download and install Ad-Aware. Update it and scan your computer regularly with it.
  • Use Ewido
    Update it and scan your computer regularly with it.
  • Use Spybot S&D
    Download and install Spybot S&D. Update it and scan your computer regularly with it.
  • Install SpywareBlaster
    SpywareBlaster will prevent spyware from being installed.
  • Install MVPS Hosts file
    This prevents your computer from connecting to harmful sites.
  • Use Firefox browser
    Firefox is a faster, safer and better browser than Internet Explorer.
  • Keep your system up-to-date
    Visit Windows Update regularly.
  • Keep your antivirus and firewall up-to-date
    Scan your computer regularly with your antivirus.
  • Read this article by TonyKlein
    So how did I get infected in the first place?
