-
Command Service
I am unable to remove command service. I have run Spybot v1.4, Adaware, and Norton antivirus pro 2003. Spybot is unable to delete the command service files. What are the symptoms of a command service infection? My computer seems to be running slower and I am continually getting a large number of pop ups. Are these symptoms the result of command service?
Here's a copy of my logfile. Please help!
Logfile of HijackThis v1.99.1
Scan saved at 10:11:39 AM, on 11/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\netmedia.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\COMMON~1\SCURIT~1\javaw.exe
C:\WINDOWS\M?crosoft\n?tepad.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\JANRAL~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
R3 - URLSearchHook: (no name) - {AACE51EA-9908-E6DC-7870-B9896A7932C4} - C:\WINDOWS\system32\fkdlg.dll
O2 - BHO: (no name) - {0E24427B-DF2A-40EB-980B-A819F5FF3DD0} - C:\WINDOWS\system32\khfcbbc.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {9A7920B9-ED0A-9ED9-7B90-C79E8B17079D} - C:\WINDOWS\system32\pcsierhb.dll (file missing)
O2 - BHO: (no name) - {AACE51EA-9908-E6DC-7870-B9896A7932C4} - C:\WINDOWS\system32\fkdlg.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [{29123221-3AF8-488c-85DE-6B3EC59E8074}] C:\WINDOWS\netmedia.exe -s
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [_mzu_stonedrv8] c:\windows\system32\_mzu_stonedrv8.exe
O4 - HKLM\..\Run: [qzz457fc] RUNDLL32.EXE w0471b8d.dll,n 006457f60000000a0471b8d
O4 - HKLM\..\Run: [win3208484168346] C:\WINDOWS\win3208484168346.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\RunServices: [_mzu_stonedrv8] c:\windows\system32\_mzu_stonedrv8.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [{29123221-3AF8-488c-85DE-6B3EC59E8074}] C:\WINDOWS\netmedia.exe -s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Toai] "C:\PROGRA~1\COMMON~1\SCURIT~1\javaw.exe" -vt yazb
O4 - HKCU\..\Run: [Cbtbpk] C:\WINDOWS\M?crosoft\n?tepad.exe
O4 - HKCU\..\Run: [_mzu_stonedrv8] c:\windows\system32\_mzu_stonedrv8.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00330010-0000-0000-0000-000020160010} - http://207.234.185.217/ABoxInst_int25.exe
O16 - DPF: {05574F48-FEE1-4A0A-9013-B8A85C7C6CCE} (VacPro.int_ver20a) - http://www.muiegaozsicur.com/ocx/can_ver20a.CAB
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://64.69.85.208/mgaxctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://costco.pnimedia.com/upload/ac...pv2.0.0.9.cab?
O16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} (AMI DicomDir TreeView Control 2.1) - file://D:\CDVIEWER\CdViewer.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: khfcbbc - khfcbbc.dll (file missing)
O21 - SSODL: CTEiNjJGIZs - {322B1209-9881-B8A3-9FBE-DD6262AB8BD6} - C:\WINDOWS\system32\nkl.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
-
In Memoriam -Always in our heart
Hello high tech,
Welcome to Safer Networking Forums
1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.
Thanks,
tea
-
Command service /combo fix
I have run ComboFix and posted the log below. I was unable to include the latest HijackThis log as the reply text was too long and an error resulted. I had to shorten it to less than 2000 characters. I will include the latest HijackThis log on my next reply thnx.
- 06-11-04 16:47:34.43 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Desktop"
((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))
REGISTRY ENTRIES REMOVED:
[HKEY_CLASSES_ROOT\clsid\{503AB937-922F-4DA3-A66D-D7CC806F1180}]
@=""
[HKEY_CLASSES_ROOT\clsid\{503AB937-922F-4DA3-A66D-D7CC806F1180}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{503AB937-922F-4DA3-A66D-D7CC806F1180}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{503AB937-922F-4DA3-A66D-D7CC806F1180}\InprocServer32]
@="C:\\WINDOWS\\system32\\ajdiosrv.dll"
"ThreadingModel"="Apartment"
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
FILES REMOVED:
C:\WINDOWS\system32\c800lidm180a.dll
C:\WINDOWS\system32\m4rm0e91eh.dll
C:\WINDOWS\system32\nv0029dmg.dll
C:\WINDOWS\system32\fplm0331e.dll
C:\WINDOWS\system32\gpjsl3171.dll
C:\WINDOWS\system32\e0jm0a11ed.dll
C:\WINDOWS\system32\l62s0gf7e62.dll
Granting sedebugprivilege to Administrators ... successful
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\deskbar_e34.exe
C:\Program Files\Common Files\Yazzle1162OinAdmin.exe
C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
C:\Program Files\Common Files\{322B1208-0710-4105-0816-040409150001}
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\QooBox\Purity\WINDOWS\MCROSO~1
C:\QooBox\Purity\WINDOWS\SSEMBL~1
C:\QooBox\Purity\WINDOWS\MCROSO~1\n?tepad.exe
C:\QooBox\Purity\Program Files\Common Files\DOBE~1
C:\QooBox\Purity\Program Files\Common Files\SCURIT~1
C:\QooBox\Purity\Program Files\Common Files\SCURIT~1\s?curity
C:\QooBox\Purity\Program Files\Common Files\SCURIT~1\javaw.exe
C:\QooBox\Purity\Program Files\Common Files\SCURIT~1\s?curity\ctxad-505.0000
C:\QooBox\Purity\Program Files\Common Files\SCURIT~1\s?curity\ctxad-505.0001
C:\QooBox\Purity\Program Files\Common Files\SCURIT~1\s?curity\ctxad-505.0002
C:\QooBox\Purity\Program Files\Common Files\SCURIT~1\s?curity\ctxad-505.0003
C:\QooBox\Purity\Program Files\Common Files\SCURIT~1\s?curity\ctxad-505.0004
C:\QooBox\Purity\Program Files\Common Files\SCURIT~1\s?curity\ctxad-505.0005
C:\QooBox\Purity\Documents and Settings\Application Data\TSKS~1
((((((((((((((((((((((((((((((( Files Created from 2006-10-04 to 2006-11-04 ))))))))))))))))))))))))))))))))))
2006-10-29 09:58 131,072 --a------ C:\WINDOWS\system32\fkdlg.dll
2006-10-24 21:20 1 --a------ C:\WINDOWS\system32\au3305adc.dll
2006-10-24 21:19 39,264 --a------ C:\WINDOWS\system32\drivers\Pcouffin.sys
2006-10-23 17:11 2 --a------ C:\WINDOWS\system32\wnscpsv.exe
2006-10-23 17:11 1,259 --a------ C:\WINDOWS\system32\qzz457fc.sys
2006-10-23 17:10 5,120 --a------ C:\nrypyd.exe
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-10-30 09:41 125 ---hs---- C:\Documents and Settings\Application Data\.zreglib
2006-10-29 12:24 -------- d-------- C:\Documents and Settings\Application Data\Sun
2006-10-29 12:20 -------- d-------- C:\Program Files\Java
2006-10-24 21:22 -------- d-------- C:\Documents and Settings\Application Data\dvdcss
2006-10-24 21:19 -------- d-------- C:\Program Files\Apollo DVD Copy
2006-10-24 17:22 34308 --a------ C:\WINDOWS\system32\BASSMOD.dll
2006-10-23 23:31 -------- d-------- C:\Program Files\hijackthis
2006-10-23 17:11 -------- d--h----- C:\Program Files\BHO Plugin
2006-10-05 11:11 875 --a------ C:\Documents and Settings\Application Data\AdobeDLM.log
2006-10-05 11:11 0 --a------ C:\Documents and Settings\Application Data\dm.ini
2006-09-28 19:03 27648 --a------ C:\WINDOWS\netmedia.exe
2006-09-15 22:52 91904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-09-15 22:52 124016 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-09-12 22:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-08-25 08:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 05:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 02:14 23040 --a------ C:\WINDOWS\system32\fltMc.exe
2006-08-16 04:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"{29123221-3AF8-488c-85DE-6B3EC59E8074}"="C:\\WINDOWS\\netmedia.exe -s"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"
"Toai"="\"C:\\PROGRA~1\\COMMON~1\\SCURIT~1\\javaw.exe\" -vt yazb"
"Cbtbpk"="C:\\WINDOWS\\M?crosoft\\n?tepad.exe"
"_mzu_stonedrv8"="c:\\windows\\system32\\_mzu_stonedrv8.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"ccRegVfy"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe\""
"Advanced Tools Check"="C:\\PROGRA~1\\NORTON~1\\AdvTools\\ADVCHK.EXE"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"NWEReboot"=""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"{29123221-3AF8-488c-85DE-6B3EC59E8074}"="C:\\WINDOWS\\netmedia.exe -s"
"Easy-PrintToolBox"="C:\\Program Files\\Canon\\Easy-PrintToolBox\\BJPSMAIN.EXE /logon"
"_mzu_stonedrv8"="c:\\windows\\system32\\_mzu_stonedrv8.exe"
"qzz457fc"="RUNDLL32.EXE w0471b8d.dll,n 006457f60000000a0471b8d"
"win3208484168346"="C:\\WINDOWS\\win3208484168346.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"_mzu_stonedrv8"="c:\\windows\\system32\\_mzu_stonedrv8.exe"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,98,00,00,00,00,00,00,00,e8,03,00,00,3f,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"_mzu_stonedrv8"="c:\\windows\\system32\\_mzu_stonedrv8.exe"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"_mzu_stonedrv8"="c:\\windows\\system32\\_mzu_stonedrv8.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{0E24427B-DF2A-40EB-980B-A819F5FF3DD0}"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
"CTEiNjJGIZs"="{322B1209-9881-B8A3-9FBE-DD6262AB8BD6}"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Background Monitor.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\EPSON Background Monitor.lnk"
"backup"="C:\\WINDOWS\\pss\\EPSON Background Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\EPSON\\ESM2\\STMS.exe "
"item"="EPSON Background Monitor"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~4\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="atiptaxx"
"hkey"="HKLM"
"command"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="point32"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Microsoft IntelliPoint\\point32.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\type32]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="type32"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Microsoft IntelliType Pro\\type32.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wwDisp"
"hkey"="HKCU"
"command"="C:\\Program Files\\Webroot\\Washer\\wwDisp.exe"
"inimapping"="0"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfcbbc
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Symantec NetDetect.job
Logfile of HijackThis v1.99.1
-
highjack this/combo fix
Per my previous reply, here is my latest HijackThis log. It was run after ComboFix. thnx.
Logfile of HijackThis v1.99.1
Scan saved at 5:08:46 PM, on 11/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\netmedia.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\JANRAL~1\LOCALS~1\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe
R3 - URLSearchHook: (no name) - {AACE51EA-9908-E6DC-7870-B9896A7932C4} - C:\WINDOWS\system32\fkdlg.dll
O2 - BHO: (no name) - {0E24427B-DF2A-40EB-980B-A819F5FF3DD0} - C:\WINDOWS\system32\khfcbbc.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {9A7920B9-ED0A-9ED9-7B90-C79E8B17079D} - C:\WINDOWS\system32\pcsierhb.dll (file missing)
O2 - BHO: (no name) - {AACE51EA-9908-E6DC-7870-B9896A7932C4} - C:\WINDOWS\system32\fkdlg.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [{29123221-3AF8-488c-85DE-6B3EC59E8074}] C:\WINDOWS\netmedia.exe -s
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [_mzu_stonedrv8] c:\windows\system32\_mzu_stonedrv8.exe
O4 - HKLM\..\Run: [qzz457fc] RUNDLL32.EXE w0471b8d.dll,n 006457f60000000a0471b8d
O4 - HKLM\..\Run: [win3208484168346] C:\WINDOWS\win3208484168346.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\RunServices: [_mzu_stonedrv8] c:\windows\system32\_mzu_stonedrv8.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [{29123221-3AF8-488c-85DE-6B3EC59E8074}] C:\WINDOWS\netmedia.exe -s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Toai] "C:\PROGRA~1\COMMON~1\SCURIT~1\javaw.exe" -vt yazb
O4 - HKCU\..\Run: [Cbtbpk] C:\WINDOWS\M?crosoft\n?tepad.exe
O4 - HKCU\..\Run: [_mzu_stonedrv8] c:\windows\system32\_mzu_stonedrv8.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00330010-0000-0000-0000-000020160010} - http://207.234.185.217/ABoxInst_int25.exe
O16 - DPF: {05574F48-FEE1-4A0A-9013-B8A85C7C6CCE} (VacPro.int_ver20a) - http://www.muiegaozsicur.com/ocx/can_ver20a.CAB
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://64.69.85.208/mgaxctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://costco.pnimedia.com/upload/ac...pv2.0.0.9.cab?
O16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} (AMI DicomDir TreeView Control 2.1) - file://D:\CDVIEWER\CdViewer.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: khfcbbc - khfcbbc.dll (file missing)
O21 - SSODL: CTEiNjJGIZs - {322B1209-9881-B8A3-9FBE-DD6262AB8BD6} - C:\WINDOWS\system32\nkl.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
-
Hello,
1. Download AVG Anti-Spyware (formerly Ewido) from HERE and save that file to your desktop.
This is a 30 day trial of the program.
- Once you have downloaded AVG anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
- Once the setup is complete, run AVG and update the definition files.
- On the main screen select the icon "Update" then select the "Update now" link.
- Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
- Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
- Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
- Under "Reports"
- Select "Automatically generate report after every scan"
- Un-Select "Only if threats were found"
Close AVG anti-spyware. Do not run a scan just yet.
2. Please download Brute Force Uninstaller to your desktop.
- Right click the BFU folder on your desktop, and choose Extract All
- Click "Next"
- In the box to choose where to extract the files to,
- Click "Browse"
- Click on the + sign next to "My Computer"
- Click on "Local Disk (C:)" or whatever your primary drive is
- Click "Make New Folder"
- Type in BFU
- Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
3. RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).
Do not do anything with these yet!
4. Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
5. IMPORTANT: Do not open any other windows or programs while AVG is scanning, it may interfere with the scanning process:
- Launch AVG anti-spyware by double-clicking the icon on your desktop.
- Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
- ewido will now begin the scanning process, be patient this may take a little time.
Once the scan is complete do the following:
- If you have any infections you will be prompted, then select "Apply all actions"
- Next select the "Reports" icon at the top.
- Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your desktop (This is important)
- Close AVG and reboot your system back into Normal Mode.
6. Then, please go to Start > My Computer and navigate to the C:\BFU folder.
- Start the Brute Force Uninstaller by double-clicking BFU.exe
- Behind the scriptline to execute field click the folder icon and select alcanshorty.bfu
- Press Execute and let it do its job. (You ought to see a progress bar if you did this correctly.)
- Wait for the complete script execution box to pop up and press OK.
- Press exit to terminate the BFU program.
Reboot into normal windows and post the contents of AVG text report that you saved and a new HiJackThis log.
Thanks,
tea
-
I followed all of your directions to the letter. I encountered 2 problems. PROB 1: After I completed the AVG scan and selected the "reports" icon, AVG indicated "no reports available". PROB 2: Back in normal mode when I selected alcanshorty.bfu, I got a return message "windows cannot open this file". I searched on the web and could not find any program to open the .bfu extension. Any suggestions? Help. I included a HijackThis log in case it might help. Thanks.
Logfile of HijackThis v1.99.1
Scan saved at 5:09:19 PM, on 11/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\netmedia.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\JANRAL~1\LOCALS~1\Temp\Temporary Directory 4 for hijackthis.zip\HijackThis.exe
R3 - URLSearchHook: (no name) - {AACE51EA-9908-E6DC-7870-B9896A7932C4} - C:\WINDOWS\system32\fkdlg.dll (file missing)
O2 - BHO: (no name) - {0E24427B-DF2A-40EB-980B-A819F5FF3DD0} - C:\WINDOWS\system32\khfcbbc.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {9A7920B9-ED0A-9ED9-7B90-C79E8B17079D} - C:\WINDOWS\system32\pcsierhb.dll (file missing)
O2 - BHO: (no name) - {AACE51EA-9908-E6DC-7870-B9896A7932C4} - C:\WINDOWS\system32\fkdlg.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [{29123221-3AF8-488c-85DE-6B3EC59E8074}] C:\WINDOWS\netmedia.exe -s
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [_mzu_stonedrv8] c:\windows\system32\_mzu_stonedrv8.exe
O4 - HKLM\..\Run: [qzz457fc] RUNDLL32.EXE w0471b8d.dll,n 006457f60000000a0471b8d
O4 - HKLM\..\Run: [win3208484168346] C:\WINDOWS\win3208484168346.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [_mzu_stonedrv8] c:\windows\system32\_mzu_stonedrv8.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [{29123221-3AF8-488c-85DE-6B3EC59E8074}] C:\WINDOWS\netmedia.exe -s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Toai] "C:\PROGRA~1\COMMON~1\SCURIT~1\javaw.exe" -vt yazb
O4 - HKCU\..\Run: [Cbtbpk] C:\WINDOWS\M?crosoft\n?tepad.exe
O4 - HKCU\..\Run: [_mzu_stonedrv8] c:\windows\system32\_mzu_stonedrv8.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00330010-0000-0000-0000-000020160010} - http://207.234.185.217/ABoxInst_int25.exe
O16 - DPF: {05574F48-FEE1-4A0A-9013-B8A85C7C6CCE} (VacPro.int_ver20a) - http://www.muiegaozsicur.com/ocx/can_ver20a.CAB
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://64.69.85.208/mgaxctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://costco.pnimedia.com/upload/ac...pv2.0.0.9.cab?
O16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} (AMI DicomDir TreeView Control 2.1) - file://D:\CDVIEWER\CdViewer.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: khfcbbc - khfcbbc.dll (file missing)
O21 - SSODL: CTEiNjJGIZs - {322B1209-9881-B8A3-9FBE-DD6262AB8BD6} - C:\WINDOWS\system32\nkl.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
-
In Memoriam -Always in our heart
Hello,
We need to move HijackThis! to its own permanent folder to ensure that we don't lose its backups. To make a permanent folder, double-click the My Computer icon on the desktop.
Click Local Disk C:.
File | New | Folder
A new folder called New Folder will be created.
Rename New Folder to HJT or HijackThis. Now move HijackThis! into the new folder you just created.
Read here how to unzip/extract properly:
http://metallica.geekstogo.com/xpcom...planation.html
Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:
R3 - URLSearchHook: (no name) - {AACE51EA-9908-E6DC-7870-B9896A7932C4} - C:\WINDOWS\system32\fkdlg.dll (file missing)
O2 - BHO: (no name) - {0E24427B-DF2A-40EB-980B-A819F5FF3DD0} - C:\WINDOWS\system32\khfcbbc.dll (file missing)
O2 - BHO: (no name) - {9A7920B9-ED0A-9ED9-7B90-C79E8B17079D} - C:\WINDOWS\system32\pcsierhb.dll (file missing)
O2 - BHO: (no name) - {AACE51EA-9908-E6DC-7870-B9896A7932C4} - C:\WINDOWS\system32\fkdlg.dll (file missing)
O4 - HKLM\..\Run: [{29123221-3AF8-488c-85DE-6B3EC59E8074}] C:\WINDOWS\netmedia.exe -s
O4 - HKLM\..\Run: [_mzu_stonedrv8] c:\windows\system32\_mzu_stonedrv8.exe
O4 - HKLM\..\Run: [qzz457fc] RUNDLL32.EXE w0471b8d.dll,n 006457f60000000a0471b8d
O4 - HKLM\..\Run: [win3208484168346] C:\WINDOWS\win3208484168346.exe
O4 - HKLM\..\RunServices: [_mzu_stonedrv8] c:\windows\system32\_mzu_stonedrv8.exe
O4 - HKCU\..\Run: [{29123221-3AF8-488c-85DE-6B3EC59E8074}] C:\WINDOWS\netmedia.exe -s
O4 - HKCU\..\Run: [Toai] "C:\PROGRA~1\COMMON~1\SCURIT~1\javaw.exe" -vt yazb
O4 - HKCU\..\Run: [Cbtbpk] C:\WINDOWS\M?crosoft\n?tepad.exe
O4 - Startup: PowerReg Scheduler.exe
O16 - DPF: {00330010-0000-0000-0000-000020160010} - http://207.234.185.217/ABoxInst_int25.exe
O16 - DPF: {05574F48-FEE1-4A0A-9013-B8A85C7C6CCE} (VacPro.int_ver20a) - http://www.muiegaozsicur.com/ocx/can_ver20a.CAB
O20 - Winlogon Notify: khfcbbc - khfcbbc.dll (file missing)
O21 - SSODL: CTEiNjJGIZs - {322B1209-9881-B8A3-9FBE-DD6262AB8BD6} - C:\WINDOWS\system32\nkl.dll (file missing)
Close all browsers and other windows except for HijackThis!, and click "Fix Checked".
Navigate to and delete the following, if present:
C:\WINDOWS\netmedia.exe
c:\windows\system32\_mzu_stonedrv8.exe
C:\WINDOWS\win3208484168346.exe
C:\PROGRA~1\COMMON~1\SCURIT~1
You'll have to search for this to delete it:
w0471b8d.dll
Reboot your computer.
* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
- Double-click the drweb-cureit.exe file and allow it to run the express scan
- This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
- Once the short scan has finished, mark the drives that you want to scan.
- Select all drives. A red dot shows which drives have been chosen.
- Click the green arrow at the right, and the scan will start.
- Click 'Yes to all' if it asks if you want to cure/move the file.
- When the scan has finished, look if you can click next icon next to the files found:
- If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
- After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
- Save the report to your desktop. The report will be called DrWeb.csv
- Close Dr.Web Cureit.
- Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
- After reboot, post the contents of the log from Dr.Web you saved previously, along with a new HijackThis log in your next reply.
Thanks,
tea
Last edited by teacup61; 2006-11-08 at 21:07.
-
Hello Teacup,
Followed your instructions, here is the Dr. Web log and another HijackThis log. Hope this works.
netmedia.exe;C:\WINDOWS;Probably DLOADER.Trojan;Incurable.Moved.;
backup-20061108-155550-107.dll;C:\Highjackthis\hijackthis\backups;Dialer.Vacpro;Incurable.Moved.;
A0001578.exe;C:\System Volume Information\_restore{AD5B2A9C-3318-4E8D-9058-C273F91A8832}\RP5;Tool.Prockill;Incurable.Moved.;
A0004293.EXE;C:\System Volume Information\_restore{AD5B2A9C-3318-4E8D-9058-C273F91A8832}\RP15;Joke.Geschenk;Incurable.Moved.;
A0004295.EXE;C:\System Volume Information\_restore{AD5B2A9C-3318-4E8D-9058-C273F91A8832}\RP15;Joke.Opros;Incurable.Moved.;
A0006779.exe;C:\System Volume Information\_restore{AD5B2A9C-3318-4E8D-9058-C273F91A8832}\RP22;Trojan.DownLoader.14300;Deleted.;
A0006780.dll;C:\System Volume Information\_restore{AD5B2A9C-3318-4E8D-9058-C273F91A8832}\RP22;Adware.Give4Free;Incurable.Moved.;
A0006781.exe;C:\System Volume Information\_restore{AD5B2A9C-3318-4E8D-9058-C273F91A8832}\RP22;Adware.Give4Free;Incurable.Moved.;
A0006782.exe;C:\System Volume Information\_restore{AD5B2A9C-3318-4E8D-9058-C273F91A8832}\RP22;Trojan.PurityAd;Deleted.;
00057261.OCX;C:\Recycled\NPROTECT;Dialer.Vacpro;Incurable.Moved.;
Logfile of HijackThis v1.99.1
Scan saved at 5:19:33 PM, on 11/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
C:\Highjackthis\hijackthis\HijackThis.exe
C:\Highjackthis\hijackthis\HijackThis.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [_mzu_stonedrv8] c:\windows\system32\_mzu_stonedrv8.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://64.69.85.208/mgaxctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://costco.pnimedia.com/upload/ac...pv2.0.0.9.cab?
O16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} (AMI DicomDir TreeView Control 2.1) - file://D:\CDVIEWER\CdViewer.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
-
In Memoriam -Always in our heart
Hello,
In the AVG program, there should be an option to save all reports, or something similar, in the settings. If you can check that, then run a scan with the directions below and get a report, that would be great.
Please reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode on the screen that appears.
Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:
O4 - HKCU\..\Run: [_mzu_stonedrv8] c:\windows\system32\_mzu_stonedrv8.exe
Close all browsers and other windows except for HijackThis!, and click "Fix Checked".
Delete the following file:
c:\windows\system32\_mzu_stonedrv8.exe
- In Safe Mode, load AVG Anti-Spyware and click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
- AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.
- Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
- Restart back into Normal Mode.
In your reply, please post the report from AVG and a new HijackThis log. Also let me know how your computer is running now.
Thanks,
tea
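The follow-up log in this thread still carries one `_mzu_stonedrv8` autorun after "Fix Checked". As an added example (not part of the thread and not a HijackThis feature), this Python code compares a before log, a fix checklist and an after log, and reports entries that survived or that still point at a file the checklist targeted. The function names are hypothetical and the sample data is a short excerpt of the logs posted on this page.

```python
import re

# A HijackThis section line looks like "O4 - HKLM\..\Run: [name] path".
# Header lines and the "Running processes" paths do not match this pattern.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.+?)\s*$")
# Windows path ending in .exe or .dll, searched in lower-cased entry text.
PATH_RE = re.compile(r'[a-z]:\\[^"\[\]]*?\.(?:exe|dll)\b')


def parse_entries(log_text):
    """Map a case- and whitespace-normalised key to the original entry line."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            code, body = m.groups()
            key = code + " - " + re.sub(r"\s+", " ", body).lower()
            entries.setdefault(key, line.strip())
    return entries


def targets(entries):
    """Collect the file paths that the given entries point at."""
    found = set()
    for key in entries:
        found.update(PATH_RE.findall(key))
    return found


def compare(before_text, after_text, fix_text):
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    fix = parse_entries(fix_text)
    fix_targets = targets(fix)
    return {
        # Checklist entries that are still in the new log verbatim.
        "still_present": sorted(after[k] for k in fix if k in after),
        # Entries not on the checklist that load a file the checklist targeted.
        "leftover_references": sorted(
            v for k, v in after.items()
            if k not in fix and fix_targets & set(PATH_RE.findall(k))
        ),
        # Entries that disappeared between the two scans.
        "removed": sorted(before[k] for k in before if k not in after),
        # Entries whose file HijackThis could not find on disk.
        "orphaned": sorted(
            v for k, v in after.items() if k.endswith("(file missing)")
        ),
    }


# Excerpt of the 11/7/2006 log from this page.
BEFORE_LOG = r"""
Running processes:
C:\WINDOWS\netmedia.exe
O2 - BHO: (no name) - {0E24427B-DF2A-40EB-980B-A819F5FF3DD0} - C:\WINDOWS\system32\khfcbbc.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [{29123221-3AF8-488c-85DE-6B3EC59E8074}] C:\WINDOWS\netmedia.exe -s
O4 - HKLM\..\Run: [_mzu_stonedrv8] c:\windows\system32\_mzu_stonedrv8.exe
O4 - HKLM\..\RunServices: [_mzu_stonedrv8] c:\windows\system32\_mzu_stonedrv8.exe
O4 - HKCU\..\Run: [_mzu_stonedrv8] c:\windows\system32\_mzu_stonedrv8.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
"""

# Excerpt of the checklist posted in this thread.
FIX_LIST = r"""
O2 - BHO: (no name) - {0E24427B-DF2A-40EB-980B-A819F5FF3DD0} - C:\WINDOWS\system32\khfcbbc.dll (file missing)
O4 - HKLM\..\Run: [{29123221-3AF8-488c-85DE-6B3EC59E8074}] C:\WINDOWS\netmedia.exe -s
O4 - HKLM\..\Run: [_mzu_stonedrv8] c:\windows\system32\_mzu_stonedrv8.exe
O4 - HKLM\..\RunServices: [_mzu_stonedrv8] c:\windows\system32\_mzu_stonedrv8.exe
"""

# Excerpt of the 11/8/2006 log from this page.
AFTER_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKCU\..\Run: [_mzu_stonedrv8] c:\windows\system32\_mzu_stonedrv8.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
"""

if __name__ == "__main__":
    for section, lines in compare(BEFORE_LOG, AFTER_LOG, FIX_LIST).items():
        print(section)
        for line in lines:
            print("   ", line)
```

On this excerpt the only leftover reference is the HKCU Run value for `_mzu_stonedrv8`, the same entry the next round of instructions in the thread asks to fix.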
-
Page 1
Hello tea,
Followed your instructions, here's the AVG report and a new HijackThis log.
My computer seems to be running better than it was, but after I completed your instructions, I ran Spybot again. The only threat it comes up with is "command service". It is still there! And Spybot cannot delete the registry keys. What next?
I'm going to have to send you the AVG report on several pages as it is 73,470 characters (20000 max). It will take at least 4 pages.
------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 11:31:23 AM 11/10/2006
+ Scan result:
C:\System Volume Information\_restore{AD5B2A9C-3318-4E8D-9058-C273F91A8832}\RP22\A0006783.dll -> Adware.PurityScan : Cleaned.
C:\Documents and Settings\DoctorWeb\Quarantine\A0006780.dll -> Hijacker.Small.ja : Cleaned.
C:\Documents and Settings\DoctorWeb\Quarantine\A0006781.exe -> Hijacker.Small.ja : Cleaned.
C:\Recycled\NPROTECT\00060000.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060001.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060025.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060026.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060027.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060041.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060042.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060059.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060060.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060061.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060078.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060079.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060080.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060098.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060099.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060116.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060117.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060136.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060137.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060169.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060170.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060184.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060185.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060193.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060221.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060222.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060225.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060226.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060242.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060243.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060245.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060257.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060277.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060278.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060279.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060280.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060312.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060313.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060333.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060334.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060337.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060364.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060365.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060368.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060388.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060389.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060391.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060396.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060417.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060435.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060436.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060439.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060460.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060461.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060464.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060487.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060488.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060491.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060514.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060515.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060518.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060519.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060525.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060526.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060533.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060534.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060543.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060563.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060586.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060587.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060590.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060591.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060610.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060611.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060616.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060635.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060636.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060639.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060652.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060653.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060656.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060657.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060658.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060659.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060665.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060671.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060681.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060701.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Recycled\NPROTECT\00060702.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Cookies\atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.