SpywareQuake



hussinyusof
2006-08-25, 05:50
Hello... thanks for spending your time to help me.

This is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:39:45 AM, on 8/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\HiJackThis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_SG&c=Q105&bd=presario&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_SG&c=Q105&bd=presario&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\IntCodec\isaddon.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: del.icio.us Toolbar Helper - {7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O3 - Toolbar: Protection Bar - {860c2f6b-ca82-4282-9187-beccbb66f0af} - C:\Program Files\IntCodec\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [U32 Agent] "C:\Program Files\Unforgiven Organizer\unage.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_SG&c=Q105&bd=presario&pf=laptop
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - C:\WINDOWS\system32\viruxz.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



And this is my Panda ActiveScan log:


Incident Status Location

Adware:Adware/SystemDoctor Not disinfected C:\Program Files\IntCodec\isaddon.dll
Adware:Adware/SystemDoctor Not disinfected C:\Program Files\IntCodec\isamini.exe
Adware:Adware/SystemDoctor Not disinfected C:\Program Files\IntCodec\isamonitor.exe
Adware:Adware/SpywareQuake Not disinfected C:\WINDOWS\system32\viruxz.dll
Adware:adware/intcodec Not disinfected c:\program files\IntCodec
Adware:adware/systemdoctor Not disinfected Windows Registry
Potentially unwanted tool:application/zango Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{99410cde-6f16-42ce-9d49-3807f78f0287}
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Hussin\Cookies\hussin@ad.yieldmanager[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Hussin\Cookies\hussin@ads.pointroll[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Hussin\Cookies\hussin@as-us.falkag[1].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Hussin\Cookies\hussin@bravenet[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Hussin\Cookies\hussin@com[1].txt
Spyware:Cookie/Malwarewipe Not disinfected C:\Documents and Settings\Hussin\Cookies\hussin@malwarewipe[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Hussin\Cookies\hussin@questionmarket[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Hussin\Cookies\hussin@serving-sys[2].txt
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Hussin\Cookies\hussin@stat.onestat[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Hussin\Cookies\hussin@statcounter[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Hussin\Cookies\hussin@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Hussin\Cookies\hussin@tribalfusion[1].txt
Adware:Adware/PestTrap Not disinfected C:\Documents and Settings\Hussin\Local Settings\Temporary Internet Files\Content.IE5\0MG8NFC9\safetyhomepage[1].htm

Thank you again... and sorry for all the trouble.

pskelley
2006-08-25, 18:34
Welcome to the forum. Follow the directions in this link: http://forums.spybot.info/showthread.php?t=4015 When you finish the instructions, post the three logs in this same topic using the "Post Reply" button.

Spybot-S&D: Be sure to follow the directions to save the scan report but do not post it here unless requested by a helper.

Thanks...pskelley
Safer Networking Forums

If you would like to let your thoughts be known about the lowlifes who put that junk on your computer, you can do that here:
If you have been infected by one of the SpyAxe family
http://forums.tomcoyote.org/index.php?showtopic=58063
http://www.malwarecomplaints.info/

hussinyusof
2006-08-26, 12:44
Logfile of HijackThis v1.99.1
Scan saved at 6:35:15 PM, on 8/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HiJackThis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_SG&c=Q105&bd=presario&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\IntCodec\isaddon.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: del.icio.us Toolbar Helper - {7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O3 - Toolbar: Protection Bar - {860c2f6b-ca82-4282-9187-beccbb66f0af} - C:\Program Files\IntCodec\iesplugin.dll (file missing)
O3 - Toolbar: Seekmo Toolbar - {53E0B6E8-A51D-448B-B692-40B67B285543} - C:\Program Files\Seekmo Programs\Seekmo Toolbar\SeekmoTB.dll
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [U32 Agent] "C:\Program Files\Unforgiven Organizer\unage.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_SG&c=Q105&bd=presario&pf=laptop
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

hussinyusof
2006-08-26, 12:47
Ewido LOG

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:09:03 PM 8/26/2006

+ Scan result:



C:\Program Files\Seekmo\seekmo.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\ClientAX.dll -> Adware.180Solutions : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller -> Adware.180Solutions : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller.1 -> Adware.180Solutions : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller\CLSID -> Adware.180Solutions : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller\CurVer -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1122653960jtun_ensc1101.x00.full.zip/LURegWMI.exe -> Adware.Dm : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1122653960jtun_ensc1101.x01.full.zip/LURegWMI.exe -> Adware.Dm : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 -> Adware.IntCodec : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On -> Adware.IntCodec : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 -> Adware.IntCodec : Cleaned with backup (quarantined).
C:\Documents and Settings\user\Local Settings\Temp\wups.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Documents and Settings\user\Start Menu\Programs\PurityScan -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Documents and Settings\user\Start Menu\Programs\PurityScan\PurityScan.lnk -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Program Files\PurityScan -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Program Files\PurityScan\OINSetup.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Program Files\PurityScan\PuritySCAN.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Program Files\PurityScan\PuritySCANUninstall.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wnsapisv.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
HKLM\SOFTWARE\ClickSpring -> Adware.PurityScan : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PuritySCAN -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\SpyQuake2.com 2.3.lnk -> Adware.SpywareQuake : Cleaned with backup (quarantined).
C:\Documents and Settings\user\Start Menu\Programs\SpyQuake2.com -> Adware.SpywareQuake : Cleaned with backup (quarantined).
C:\Documents and Settings\user\Start Menu\Programs\SpyQuake2.com\SpyQuake2.com 2.3 Website.lnk -> Adware.SpywareQuake : Cleaned with backup (quarantined).
C:\Documents and Settings\user\Start Menu\Programs\SpyQuake2.com\SpyQuake2.com 2.3.lnk -> Adware.SpywareQuake : Cleaned with backup (quarantined).
C:\Documents and Settings\user\Start Menu\Programs\SpyQuake2.com\Uninstall SpyQuake2.com 2.3.lnk -> Adware.SpywareQuake : Cleaned with backup (quarantined).
C:\Documents and Settings\user\Start Menu\SpyQuake2.com 2.3.lnk -> Adware.SpywareQuake : Cleaned with backup (quarantined).
C:\Program Files\Seekmo\seekmohook.dll -> Adware.Zango : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ClientAX.RequiredComponent -> Adware.Zango : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ClientAX.RequiredComponent.1 -> Adware.Zango : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ClientAX.RequiredComponent\CLSID -> Adware.Zango : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ClientAX.RequiredComponent\CurVer -> Adware.Zango : Cleaned with backup (quarantined).
C:\Documents and Settings\user\Local Settings\Temp\tmp7.tmp -> Not-A-Virus.Hoax.Win32.Renos.dp : Ignored.
C:\Documents and Settings\user\Cookies\user@217.73.66[2].txt -> TrackingCookie.217.73.66.16 : Cleaned.
:mozilla.155:C:\Documents and Settings\Hussin\Application Data\Mozilla\Firefox\Profiles\5xxio42l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.201:C:\Documents and Settings\Hussin\Application Data\Mozilla\Firefox\Profiles\5xxio42l.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\nen\Cookies\nen@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\nen\Cookies\nen@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\nen\Cookies\nen@nbcuniversal.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\user\Cookies\user@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\user\Cookies\user@adbrite.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\user\Cookies\user@logodesignpros.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\user\Cookies\user@maxim.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\user\Cookies\user@metacafe.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\user\Cookies\user@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\user\Cookies\user@powellsbooks.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\user\Cookies\user@7search[1].txt -> TrackingCookie.7search : Cleaned.
:mozilla.179:C:\Documents and Settings\Hussin\Application Data\Mozilla\Firefox\Profiles\5xxio42l.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.48:C:\Documents and Settings\Hussin\Application Data\Mozilla\Firefox\Profiles\5xxio42l.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.49:C:\Documents and Settings\Hussin\Application Data\Mozilla\Firefox\Profiles\5xxio42l.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.50:C:\Documents and Settings\Hussin\Application Data\Mozilla\Firefox\Profiles\5xxio42l.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.51:C:\Documents and Settings\Hussin\Application Data\Mozilla\Firefox\Profiles\5xxio42l.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\nen\Cookies\nen@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\user\Cookies\user@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\user\Cookies\user@site.www.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\user\Cookies\user@www.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\nen\Cookies\nen@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\user\Cookies\user@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\user\Cookies\user@redir.adengage[1].txt -> TrackingCookie.Adengage : Cleaned.
C:\Documents and Settings\user\Cookies\user@adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\user\Cookies\user@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\user\Cookies\user@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\nen\Cookies\nen@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\user\Cookies\user@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\nen\Cookies\nen@adviva[2].txt -> TrackingCookie.Adviva : Cleaned.
C:\Documents and Settings\user\Cookies\user@adviva[1].txt -> TrackingCookie.Adviva : Cleaned.
C:\Documents and Settings\nen\Cookies\nen@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\user\Cookies\user@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\nen\Cookies\nen@citi.bridgetrack[1].txt -> TrackingCookie.Bridgetrack : Cleaned.
C:\Documents and Settings\user\Cookies\user@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned.
C:\Documents and Settings\nen\Cookies\nen@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\nen\Cookies\nen@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\user\Cookies\user@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\user\Cookies\user@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\nen\Cookies\nen@as.casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\nen\Cookies\nen@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\user\Cookies\user@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\user\Cookies\user@crbanner.casinopays[1].txt -> TrackingCookie.Casinopays : Cleaned.
C:\Documents and Settings\nen\Cookies\nen@centrport[1].txt -> TrackingCookie.Centrport : Cleaned.
C:\Documents and Settings\nen\Cookies\nen@cz4.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\user\Cookies\user@cz3.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\user\Cookies\user@cz4.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned.

hussinyusof
2006-08-26, 12:49


::Report end

Rapport

SmitFraudFix v2.81

Scan done at 16:44:44.95, Sat 08/26/2006
Run from C:\Documents and Settings\Hussin\Desktop\Malware Battle\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"bestreak"="{874443fe-aa33-4ebf-a6ac-73208787e62d}"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\system32\viruxz.dll -> Hoax.Win32.Renos.gen.bHoax.Win32.Renos.gen.c
C:\WINDOWS\system32\viruxz.dll -> Deleted


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


there u go.. thank you!!! and anybody know how to avoid getting hit again (twas my brother who brought this on to us)

pskelley
2006-08-26, 13:15
Good morning, thanks for returning the information. I review it in the opposite order than you posted, so let's look at your questions first.

and anybody know how to avoid getting hit again
Now I cannot say with 100% certainty that this information is correct, but I will post it for you anyway in case it helps.
http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?IdVirus=77495
This program changes the Windows Desktop to a picture that simulates a Windows fatal error, warning users that they have been affected by Trojan-Spy.HTML.Smitfraud.c. These kinds of messages attempt to trick users into purchasing the fake antispyware program.
Smitfraud is installed in the affected computer by an adware program, detected as CWS.YEXE, which is downloaded while accessing several adult sites or pirated software sites.

Looks like the fix did the job. In the ewido scan I can see you are storing a load of junk cookies, both in IE and Firefox. I will post information to help you stop that if you wish:
http://www.mvps.org/winhelp2002/cookies.htm
http://www.microsoft.com/windows/ie/using/howto/privacy/config.mspx
http://privacy.getnetwise.org/browsing/tools/firefox1/ffdisablecookies
http://www.mozilla.org/projects/security/pki/psm/help_21/using_priv_help.html

We have a little more work to do and we will clean a little. This is a tutorial for the tool we will be using:
http://forums.security-central.us/showthread.php?t=1925

How to make files and folders visible:
Click Start > Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

Please download ATF Cleaner by Atribune
http://www.atribune.org/public-beta/ATF-Cleaner.exe
Save it to your Desktop. We will use this later.

Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

(this toolbar is not working right, if at all, without the file; if you use it, install it again once we are done)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\IntCodec\isaddon.dll (file missing)
O3 - Toolbar: Protection Bar - {860c2f6b-ca82-4282-9187-beccbb66f0af} - C:\Program Files\IntCodec\iesplugin.dll (file missing)
O3 - Toolbar: Seekmo Toolbar - {53E0B6E8-A51D-448B-B692-40B67B285543} - C:\Program Files\Seekmo Programs\Seekmo Toolbar\SeekmoTB.dll

Close all programs but HJT and all browser windows, then click on "Fix Checked"

RIGHT Click on Start then click on Explore. Locate and delete these items:

C:\Program Files\Seekmo Programs\ <<< delete that folder if there.

Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Restart the computer and post a last HJT log. Please let me know how the computer is running now.

Thanks

C:\Program Files\Java\j2re1.4.2_05\ <<< your Java program is badly outdated. It is going to get you a nasty infection if you don't keep it updated; see this:
http://forums.spybot.info/showpost.php?p=12880&postcount=2
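
The HijackThis entries listed in the post above, run through a small triage parser (an added example, not part of the original posts and not HijackThis code). It separates entries whose file HijackThis reported as absent from entries whose file is still on disk; the function and class names are hypothetical, and the line layout is assumed from the lines shown in this thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Lines copied from this thread; the R1 line comes from the first post's log.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\IntCodec\isaddon.dll (file missing)
O3 - Toolbar: Protection Bar - {860c2f6b-ca82-4282-9187-beccbb66f0af} - C:\Program Files\IntCodec\iesplugin.dll (file missing)
O3 - Toolbar: Seekmo Toolbar - {53E0B6E8-A51D-448B-B692-40B67B285543} - C:\Program Files\Seekmo Programs\Seekmo Toolbar\SeekmoTB.dll
"""

# Layout assumed from the lines above: "<code> - <kind>: <name> - {CLSID} - <target>"
ENTRY_RE = re.compile(
    r"^(?P<code>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<name>.*?)"
    r" - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)
# Trailing markers HijackThis prints when the registered file is not on disk.
MISSING_RE = re.compile(r"\s*\((?:file missing|no file)\)\s*$")


@dataclass
class Entry:
    code: str            # section code, e.g. "O2"
    kind: str            # e.g. "BHO", "Toolbar", "URLSearchHook"
    name: str
    clsid: str           # upper-cased for consistent comparison
    path: Optional[str]  # None when the log shows only "(no file)"
    orphaned: bool       # True when the registry entry points at an absent file


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one CLSID-bearing log line; return None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    target = m["target"]
    orphaned = MISSING_RE.search(target) is not None
    path = MISSING_RE.sub("", target).strip() or None
    return Entry(m["code"], m["kind"], m["name"], m["clsid"].upper(), path, orphaned)


def parse_log(text: str) -> List[Entry]:
    """Return every CLSID-bearing entry, skipping lines in other layouts (e.g. R1)."""
    return [e for e in map(parse_entry, text.splitlines()) if e is not None]


def split_by_state(entries: List[Entry]):
    """Return (orphaned, present): leftover registrations vs. files still on disk."""
    orphaned = [e for e in entries if e.orphaned]
    present = [e for e in entries if not e.orphaned]
    return orphaned, present


if __name__ == "__main__":
    leftovers, present = split_by_state(parse_log(SAMPLE_LOG))
    for e in leftovers:
        print(f"leftover registration  {e.code} {e.kind:<14} {e.clsid} {e.path or '-'}")
    for e in present:
        print(f"file still on disk     {e.code} {e.kind:<14} {e.clsid} {e.path}")
```

The split reflects only what HijackThis reported at scan time: an entry marked as missing is a leftover registry reference, while an entry with no marker still has its file on disk.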

tashi
2006-08-31, 06:07
Still with us hussinyusof?

tashi
2006-09-03, 05:19
This topic has been archived. If you need it re-opened, please send me a private message (pm) and provide a link to the thread.

Applies only to the original topic starter.


Thank you Phil.