Have tried SmitFraudFix in Safe Mode and ewido but to no effect. Still with unwanted popups and alerts. Attached are latest log files. Hope you can help. Halfback. Logfile of HijackThis v1.99.1 Scan saved at 09:22:59, on 10/06/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\Brmfrmps.exe C:\WINDOWS\System32\cisvc.exe C:\WINDOWS\system32\crypserv.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\Mcshield.exe C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\system32\dcomcfg.exe C:\WINDOWS\system32\atmclk.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\WINDOWS\system32\PspContr.Exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe C:\program files\common files\system\mplay64.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program 
Files\Google\Google Desktop Search\GoogleDesktopIndex.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\Program Files\VCOM\PowerDesk\pddlghlp.exe C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\David Barret.DAVID-B9T5Z74OE.000\Desktop\HijackThis_v1.99.1.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp100.tmp (file missing) O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp100.tmp (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - E:\System\mnyviewer.dll O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll O3 - Toolbar: &Google - 
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [hcwPVRReset] C:\PROGRA~1\WINTV\hcwP1Utl.exe -Quiet -ResetHardware -NotifyResetFailure -KeepTrying O4 - HKLM\..\Run: [PspContr] PspContr.Exe O4 - HKLM\..\Run: [PspUsbCf] PspUsbCf.exe O4 - HKLM\..\Run: [DataCaching] C:\PROGRA~1\DATACA~1\FLashKsk.exe O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun O4 - HKLM\..\Run: [WinCast] F:\SETUP.EXE -leng O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe" O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe" O4 - HKLM\..\Run: [MPlay64] c:\program files\common files\system\mplay64.exe /noerrorinfo O4 - HKLM\..\Run: [Msdmxm] c:\windows\system32\msdmxm.exe /nocomm O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [ms1src] c:\program files\common files\system\ms1src.exe /install O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [QuickTime Task] 
"C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [DriveCleaner 2006] "C:\Program Files\DriveCleaner 2006\DC2006.exe" /min O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\system32\mstask.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: Dialog Helper.lnk = C:\Program Files\VCOM\PowerDesk\pddlghlp.exe O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WINTV\Ir.exe O4 - Global Startup: MiniMavis.lnk = E:\Data\MavisBeaconTyping\MiniMavis.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?64eefd9036c3476996fe9076eac07e9d O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?64eefd9036c3476996fe9076eac07e9d O8 - Extra context menu item: 
Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - E:\System\mnyviewer.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.4.4.cab O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://G:\SuperCD\IntraLaunch.CAB O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\WINDOWS\system32\textwareilluminatorbaseProtocol.dll O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - 
C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing) O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. 
- C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe --------------------------------------------------------- ewido anti-malware - Scan report --------------------------------------------------------- + Created on: 18:11:50, 08/06/2006 + Report-Checksum: 692C25EB + Scan result: :mozilla.14:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup :mozilla.20:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup :mozilla.33:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup :mozilla.35:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup :mozilla.37:C:\Documents and Settings\David Barret\Application 
Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.44:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup :mozilla.45:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup :mozilla.53:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Paycounter : Cleaned with backup :mozilla.81:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup :mozilla.102:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup :mozilla.105:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup :mozilla.152:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup :mozilla.164:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup :mozilla.168:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup :mozilla.185:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup :mozilla.187:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> 
TrackingCookie.Webtrendslive : Cleaned with backup :mozilla.193:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup :mozilla.196:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup :mozilla.211:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.219:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup :mozilla.224:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup :mozilla.227:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup :mozilla.231:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup :mozilla.232:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup :mozilla.233:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup :mozilla.242:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup :mozilla.249:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Ivwbox : Cleaned with backup :mozilla.261:C:\Documents and 
Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup :mozilla.262:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.268:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.271:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup :mozilla.277:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Hypertracker : Cleaned with backup :mozilla.293:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup :mozilla.318:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup :mozilla.341:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup :mozilla.349:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.357:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup :mozilla.363:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup :mozilla.377:C:\Documents and Settings\David Barret\Application 
Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup :mozilla.380:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup :mozilla.388:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup :mozilla.444:C:\Documents and Settings\David Barret\Application Data\Mozilla\Firefox\Profiles\vz0xdb73.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup C:\Documents and Settings\David Barret.DAVID-B9T5Z74OE.000\Cookies\david barret@clickbank[1].txt -> TrackingCookie.Clickbank : Cleaned with backup C:\Program Files\NoAdware4\noadwareutils.dll -> Adware.WebRebates : Cleaned with backup ::Report End
Hi dbarre14,

Download WinPFind: http://www.bleepingcomputer.com/files/winpfind.php

From the WinPFind folder, double-click WinPFind.exe and click "Start Scan".
It will scan the entire system, so please be patient.
Once you see "Scan Complete", a log (WinPFind.txt) will be automatically generated in the WinPFind folder.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd.
Hit 1 on your keyboard, and then Enter.
Copy the complete text, which is on your screen after SmitfraudFix is done, and post it in this topic.
Post also the contents of WinPFind.txt.
Could not get WinPFind to run, but here is the log from SmitFraudFix. I did run SmitFraudFix after posting to this thread with much more success. I have only one or two unwanted popups now. Of course I would like to get rid of these. Thanks for your help so far. Halfback.

SmitFraudFix v2.56

Scan done at 20:38:15.35, 14/06/2006
Run from E:\My Documents\CleanUp\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End
Have tried WinPFind again. Launches with error message 'file path not found'. Click OK then select all then start scan. Error Access Violation in module 'winpfind.exe'. OK seems to set scanner going but no disk light flashing and NO output after 60+ mins. Can you help with this? Would a scan with HijackThis be any good? That seems to work OK? Thanks. Halfback.
First make a separate folder for HijackThis and put it there, for example C:\Hjt

Open HijackThis, do a system scan only and check these:

O4 - HKLM\..\Run: [MPlay64] c:\program files\common files\system\mplay64.exe /noerrorinfo
O4 - HKLM\..\Run: [Msdmxm] c:\windows\system32\msdmxm.exe /nocomm
O4 - HKLM\..\Run: [ms1src] c:\program files\common files\system\ms1src.exe /install

Close all open windows and click Fix checked.

Reconfigure Windows XP to show hidden files:
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View tab.
Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.
Click Yes to confirm.
Click OK.

Then go to safe mode and delete these files or folders (if found):
http://www.pchell.com/support/safemode.shtml

c:\program files\common files\->system
c:\windows\system32\->msdmxm.exe

Then boot back to normal mode and post a new HijackThis log.
here is the HijackThis log. Logfile of HijackThis v1.99.1 Scan saved at 10:25:25, on 16/06/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\Brmfrmps.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\system32\crypserv.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\Mcshield.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\WINDOWS\system32\PspContr.Exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe C:\WINDOWS\System32\svchost.exe 
C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\David Barret.DAVID-B9T5Z74OE.000\Desktop\HijackThis_v1.99.1.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/ O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - E:\System\mnyviewer.dll O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [hcwPVRReset] C:\PROGRA~1\WINTV\hcwP1Utl.exe -Quiet -ResetHardware -NotifyResetFailure -KeepTrying O4 - HKLM\..\Run: [PspContr] PspContr.Exe O4 - HKLM\..\Run: [PspUsbCf] PspUsbCf.exe O4 - HKLM\..\Run: [DataCaching] C:\PROGRA~1\DATACA~1\FLashKsk.exe O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun O4 - HKLM\..\Run: [WinCast] F:\SETUP.EXE -leng O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program 
Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe" O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\system32\mstask.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WINTV\Ir.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?64eefd9036c3476996fe9076eac07e9d O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?64eefd9036c3476996fe9076eac07e9d O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra 
button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.4.4.cab O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://G:\SuperCD\IntraLaunch.CAB O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\WINDOWS\system32\textwareilluminatorbaseProtocol.dll O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing) O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: Crypkey License - CrypKey (Canada) Ltd. 
- C:\WINDOWS\SYSTEM32\crypserv.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe Hope this gives you the information you need. Thanks again. Halfback.
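An added example, not part of the thread and not HijackThis's own code: a Python check that splits two flattened HijackThis logs into entries, diffs them case-insensitively, and confirms that the three O4 entries selected for fixing are absent from the follow-up log. The sample logs are short excerpts constructed from entries posted in this thread, and the function names are hypothetical.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Entry codes used in HijackThis 1.99.1 logs: R0-R3, F0-F3, N1-N4, O1-O23.
_CODE = r"(?:[RF][0-3]|N[1-4]|O\d{1,2}) - "
# Zero-width split point: whitespace (or start of text) followed by an entry code.
_ENTRY_START = re.compile(r"(?<!\S)(?=" + _CODE + ")")
_ENTRY = re.compile(_CODE)
# Registry autorun form: O4 - <key>: [<value name>] <command line>
_O4_REG = re.compile(r"^O4 - (\S+): \[([^\]]+)\] (.+)$")


class Autorun(NamedTuple):
    key: str
    name: str
    command: str


def split_entries(log_text: str) -> List[str]:
    """Recover one entry per item from a log whose line breaks were lost.

    The header and the running-process list carry no entry code and are dropped.
    """
    flat = " ".join(log_text.split())
    return [p.strip() for p in _ENTRY_START.split(flat) if _ENTRY.match(p)]


def _key(entry: str) -> str:
    # Windows paths are case-insensitive; HijackThis may print System32 or system32.
    return " ".join(entry.split()).casefold()


def parse_autorun(entry: str) -> Optional[Autorun]:
    """Return the Run-key fields of an O4 registry entry, or None for other entries."""
    m = _O4_REG.match(entry)
    return Autorun(*m.groups()) if m else None


def diff_logs(before: str, after: str) -> Tuple[List[str], List[str]]:
    """Entries that disappeared and entries that newly appeared between two scans."""
    b, a = split_entries(before), split_entries(after)
    b_keys, a_keys = {_key(e) for e in b}, {_key(e) for e in a}
    removed = [e for e in b if _key(e) not in a_keys]
    added = [e for e in a if _key(e) not in b_keys]
    return removed, added


def still_present(targets: List[str], log_text: str) -> List[str]:
    """Targets from a fix list that a log still contains."""
    keys = {_key(e) for e in split_entries(log_text)}
    return [t for t in targets if _key(t) in keys]


# The three entries the helper asked to have checked and fixed.
FIX_LIST = [
    r"O4 - HKLM\..\Run: [MPlay64] c:\program files\common files\system\mplay64.exe /noerrorinfo",
    r"O4 - HKLM\..\Run: [Msdmxm] c:\windows\system32\msdmxm.exe /nocomm",
    r"O4 - HKLM\..\Run: [ms1src] c:\program files\common files\system\ms1src.exe /install",
]

# Constructed excerpt of the first log (10/06/2006), flattened as on this page.
BEFORE = r"""Logfile of HijackThis v1.99.1 Running processes: C:\WINDOWS\Explorer.EXE
C:\program files\common files\system\mplay64.exe O2 - BHO: Nothing -
{686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp100.tmp (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [MPlay64]
c:\program files\common files\system\mplay64.exe /noerrorinfo O4 - HKLM\..\Run: [Msdmxm]
c:\windows\system32\msdmxm.exe /nocomm O4 - HKLM\..\Run: [ms1src]
c:\program files\common files\system\ms1src.exe /install O4 - HKCU\..\Run: [CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe O23 - Service: Ati HotKey Poller - Unknown owner -
C:\WINDOWS\System32\Ati2evxx.exe"""

# Constructed excerpt of the follow-up log (16/06/2006).
AFTER = r"""Logfile of HijackThis v1.99.1 Running processes: C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKCU\..\Run: [CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe O23 - Service: Ati HotKey Poller - Unknown owner -
C:\WINDOWS\system32\Ati2evxx.exe"""

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for e in removed:
        print("removed:", e)
    for e in added:
        print("added:  ", e)
    print("fix-list entries still present:", still_present(FIX_LIST, AFTER) or "none")
```

Entries reported as added between two scans deserve the same scrutiny as the original fix list, since an autorun that reappears after cleanup usually means a dropper is still active.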
Not today. So far everything seems ok. Let's hope it stays that way. Many thanks for your help. Halfback.