
Thread: my log file,any problem?pls help thank in advance

  1. #1
    yuckz
    Guest

    my log file,any problem?pls help thank in advance

    Code:
    Logfile of HijackThis v1.99.1
    Scan saved at 2:04:42 AM, on 6/30/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    c:\Program Files\Norton Personal Firewall\NISUM.EXE
    C:\WINDOWS\Explorer.EXE
    c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
    C:\WINDOWS\system32\crypserv.exe
    c:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe
    C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\kzugdauf.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\WINDOWS\system32\svchosts.exe
    C:\WINDOWS\jesdgl.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
    C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
    C:\Program Files\ISTsvc\istsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\WISPTIS.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Owner\Desktop\hijackthis_199\HijackThis.exe
    
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
    O2 - BHO: DLMaxObj Class - {00000000-59D4-4008-9058-080011001200} - C:\WINDOWS\dlmax.dll
    O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {0F9561D0-03B2-44a3-89A6-E95E417CBA25} - C:\WINDOWS\cerbmod.dll
    O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~2\SEARCH~1.DLL
    O2 - BHO: (no name) - {38D4D5D0-423E-4220-B6F9-30918C2AE4A4} - C:\WINDOWS\sasetup.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: (no name) - {9CD11788-0AC0-8687-30A3-84CB7D476540} - C:\DOCUME~1\Owner\APPLIC~1\fordweb\oncetwo.exe
    O2 - BHO: psic Class - {B6598677-4B54-42A9-BA67-8B64E3FCD92D} - C:\WINDOWS\System32\psic2.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {C712E22E-971E-82DF-669A-9F2DB992FD8C} - C:\PROGRA~1\fordweb\oncetwo.exe (file missing)
    O2 - BHO: ctap Class - {DB0018A2-F7D9-4B71-9651-640143DF23F9} - C:\WINDOWS\System32\ctap7.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
    O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\PROGRA~1\ISTbar\istbar.dll
    O3 - Toolbar: ICQ  Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [WinCinemaMgr] "C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe"
    O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [ourvefj] C:\WINDOWS\System32\kzugdauf.exe
    O4 - HKLM\..\Run: [Corn poll coal meta] C:\Documents and Settings\All Users\Application Data\FIND ONE CORN POLL\WINDOW TEST.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [satmat] C:\WINDOWS\satmat.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [ine] svchosts.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [Windows AdStatus] C:\Program Files\Windows AdStatus\WinStat.exe
    O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
    O4 - HKLM\..\Run: [-
    ] C:\WINDOWS\jesdgl.exe
    O4 - HKLM\..\Run: [InstaFinderK] C:\Program Files\INSTAFINK\InstaFinderK_inst.exe
    O4 - HKLM\..\Run: [CamWizard] C:\Program Files\Common Files\Logitech\QCDRV\BIN\CamWizrd.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [tickloudgridonline] C:\Documents and Settings\All Users\Application Data\once clock tick loud\Mess Film.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
    O4 - HKLM\..\Run: [ScreenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe -startup
    O4 - HKLM\..\Run: [Á³#*K"h'þ9Óœ÷3rÅWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\jesdgl.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
    O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\RunServices: [ine] svchosts.exe
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
    O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
    O4 - HKCU\..\Run: [flag proxy] C:\DOCUME~1\Owner\APPLIC~1\BLEHDV~1\SafeJugsDate.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - Startup: Folding@Home 5.03.lnk = ?
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
    O8 - Extra context menu item: &Download by NetAnts - C:\PROGRA~1\NetAnts\NAGet.htm
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZNxdm119YYMY
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Download &All by NetAnts - C:\PROGRA~1\NetAnts\NAGetAll.htm
    O8 - Extra context menu item: Download Flash with Flash Capture - C:\Program Files\Flash Capture\dl.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
    O9 - Extra button: NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - C:\PROGRA~1\NetAnts\NetAnts.exe
    O9 - Extra 'Tools' menuitem: &NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - C:\PROGRA~1\NetAnts\NetAnts.exe
    O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Cl.../bridge-c1.cab
    O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - http://www.e-games.com.my/com/EGamesPlugin.cab
    O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

  2. #2
    Ruby (Supermod, retired)
    Registered since
    25.01.2005
    Location
    The Netherlands
    Posts
    20.041

    Re: my log file,any problem?pls help thank in advance

    Welcome to HijackThis.de @ Yuckz

    You have some new malware on your system.
    It will take a little while to check your system.
    Please be patient. I will advise you what to do as soon as possible.

  3. #3
    Ruby (Supermod, retired)
    Registered since
    25.01.2005
    Location
    The Netherlands
    Posts
    20.041

    Re: my log file,any problem?pls help thank in advance

    Hello Yuckz

    Your system is compromised by a great many viruses and different sorts of adware. It would be better to format your system and reinstall it. It would be not only the easier way but also the faster way to clean up your system.
    Please let me know your decision. Thanks.

    Make sure you set Windows to show hidden files and folders.

    Please upload these files

    C:\WINDOWS\System32\kzugdauf.exe
    C:\WINDOWS\jesdgl.exe

    -> to Upload malicious software.
    -> to ST-Adware-Upload.

    and scan them with Virustotal and Jotti.

    If you need a zip tool, we suggest ZipGenius (it is free).

    Please let us know whether you succeeded in uploading the files, and tell us every result.

    -----------------------
    Please download
    RegistryProt,
    read and follow the instructions.
    For the greatest safety, it is recommended that
    you do not do online banking, file sharing, mailing, messaging,
    or uploads and downloads, except to security sites, until your system is clean.
    Take a look at "Security Tips" in my signature.

    -----------------------

  4. #4
    Beginner
    Registered since
    30.06.2005
    Posts
    8

    Re: my log file,any problem?pls help thank in advance

    I will format my system, and thanks a lot.

  5. #5
    Ruby (Supermod, retired)
    Registered since
    25.01.2005
    Location
    The Netherlands
    Posts
    20.041

    Re: my log file,any problem?pls help thank in advance

    Hello Yuckz

    Thank you for your answer.
    Please come back with your fresh system and show me a new HJT logfile.
    And here are some tips on how to get your system reinstalled:

    Please note: Because worms and viruses can open your computer to unauthorized access, deleting malware may not completely secure an infected computer. Reinstalling the operating system and recovering data from backups (system recovery) may be the only way to make certain a critical system is safe.

    BEFORE connecting to any network, take the following steps:

    -> Make sure Windows and the IE are fully up-to-date: www.windowsupdate.com.
    -> Check/set your IE settings
    -> Use IE-Spyad to enhance your privacy and security
    -> Use SpywareBlaster to protect your computer from Spyware, Hijackers, and Malware
    -> Install, run and update anti-virus software
    -> Regularly do software updates
    -> Reset default passwords
    -> Turn off file sharing
    -> Turn on a Firewall
    -> Do your work in non-administrator accounts
    -> Back up important files on floppy disks, zip drives, or other storage devices on a regular basis, so that they can easily be replaced if a virus wipes out your hard drive
    -> Make sure you set Windows to show hidden files and folders.
    -> Install, update and run Spybot Search and Destroy
    -> Also install, update and run Ad-Aware
    -> Download ClearProg to delete all temporary files.
    -> Use alternate browsers: Mozilla, Firefox, Opera.
    -> Use alternate e-mail clients: Mozilla
    -> Don't open email from strangers or attachments you weren't expecting—especially attachments with *.exe extensions

    Check out the Baseline Security Analyzer. It examines your computer to make it safer on the Internet.

    Once infected, your computer is dangerous. Your computer...
    could be used to attack or infect other computers
    could be used to send out thousands of spam mails in your name
    could burden or disrupt people's networks with high volumes of messages

    so: --> disconnect the computer from the Internet (Information, Prevention & Detection).

    Worm Removal Information: It is always safest to do a complete re-format (which means erasing all of the programs and the data on your machine) and re-install Windows after a computer has been compromised (Formatting & Reinstalling). If you choose to take this step, it is extremely important to use the following procedure to keep from getting re-infected almost immediately:

    --> Please note: you must format your local hard disk before reinstalling your operating system, otherwise this process will be a waste of time. Also note that after you format your hard disk, everything on it will be lost forever. So make sure you have taken everything you need off the drive before starting the format procedure (Rebuilding Your Computer or Clean Install of Windows).

    -> 01. Gather all materials you need. For example, backup firewall software and any downloads you may need during the rebuild process. This is important because if you forget something and need to get on the network before all procedures are complete, your computer may become reinfected and you'll have to start all over again. If you run Windows XP, it would be best to download Windows XP Service Pack 2 and burn it to CD.

    -> 02. Disconnect the network cable.
    -> 03. Perform your document backup. Back up your personal files and folders from the hard disk. It is better not to back up programs, if they can be reloaded.
    -> 04. Obtain drivers for all the hardware.
    -> 05. Reformat your computer.
    -> 06. Reinstall programs from vendor media.
    -> 07. If you are running Windows XP and you have a copy of Windows XP Service Pack 2, install it now.
    -> 08. Reinstall your operating system.
    -> 09. Install your drivers and software again.
    -> 10. Enable the Windows XP firewall or any other firewall you may have.
    -> 11. Reboot your computer.
    -> 12. When the computer has completely rebooted, connect your network cable and follow the rest of the StartSafe procedures (http://www.jmu.edu/computing/security/startsafe)
    -> 13. Change all passwords that were typed into your computer while it was infected.
    -> 14. Copy personal files and folders back - but don't forget to scan these backups with antivirus programs, otherwise you'll get the infections back on the new system.

    NEVER bring up a server until all patches and configuration changes have been completed. Unpatched servers have been found and compromised in minutes by automated worms and scripts. Install the software while the machine is disconnected from network, make sure all servers are shut down, connect to the network and download the patches, disconnect from the network, and apply patches (FAQ Computer Security).

    -> Please read: Why did I get infected in the first place

    Many Thanks to several Security Pages on Internet

  6. #6
    Beginner
    Registered since
    30.06.2005
    Posts
    8

    Re: my log file,any problem?pls help thank in advance

    My new log file after doing a system recovery and update.
    Is it clean now?

    Code:
    Logfile of HijackThis v1.99.1
    Scan saved at 3:35:32 PM, on 7/1/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    c:\Program Files\Norton AntiVirus\navapsvc.exe
    c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe
    C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Owner\Desktop\hijackthis_199\HijackThis.exe
    
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [WinCinemaMgr] "C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe"
    O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - Startup: Folding@Home 5.03.lnk = ?
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120169692891
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

  7. #7
    Ruby (Supermod, retired)
    Registered since
    25.01.2005
    Location
    The Netherlands
    Posts
    20.041

    Re: my log file,any problem?pls help thank in advance

    Hello Yuckz

    I'm so sorry but your system isn't clean.
    It looks much better now, but...

    Remember that HijackThis must be run in its own folder.
    Not like this:
    C:\Documents and Settings\Owner\Desktop\hijackthis_199\HijackThis.exe
    But like this:
    C:\Program Files\HJT\HijackThis.exe or C:\HJT\HijackThis.exe
    Only if HijackThis runs in its own folder will it create backups!

    You will want to copy the text from this post and save it as a text file
    (*.txt) or print it, because you will be working offline (in Safe Mode) to resolve
    your problem and will not have access to this forum.


    Follow these STEPS.

    STEP 1
    You must turn off System Restore during this process.
    You will keep it off until we are done fixing your system.

    STEP 2
    Download a Trial Version of Ewido.
    Update it online.

    STEP 3
    Now turn off your computer and remove the network cable/phone line from your machine.
    Reboot your computer in Safe Mode

    STEP 4
    Scan your whole system with Ewido.
    Save the logfile.

    STEP 5
    Reconnect your network cable/phone line
    Reboot your system into normal mode.

    Post the Ewido Logfile.
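
Judging whether the second log is "clean now" comes down to comparing it with the first one, entry by entry. The Python sketch below is an added example, not part of the original posts and not HijackThis code: it parses HijackThis entry lines and reports which entries are gone, new, changed or still present after the system recovery. The sample lines are copied from the two logs in this thread; the keying rules (CLSID for BHO-style entries, value name for Run entries) and all function names are this example's own assumptions.

```python
import re

# Constructed sample: a handful of lines copied from the first (6/30/2005) and
# second (7/1/2005) HijackThis logs posted in this thread.
LOG_BEFORE = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: ctap Class - {DB0018A2-F7D9-4B71-9651-640143DF23F9} - C:\WINDOWS\System32\ctap7.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [ourvefj] C:\WINDOWS\System32\kzugdauf.exe
O4 - HKLM\..\Run: [-
] C:\WINDOWS\jesdgl.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
"""
LOG_AFTER = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")        # "O4 - ...", "R1 - ..."
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^(.+?): \[(.*?)\] (.+)$")          # "HKLM\..\Run: [name] command"


def _norm(text):
    # Windows paths are case-insensitive and spacing differs between the two
    # logs (see the hkcmd.exe and TkBellExe lines), so compare a folded form.
    return " ".join(text.lower().split())


def parse_entry(line):
    """Return (key, value) for one entry line, or None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None                      # header or "Running processes" line
    code, detail = m.groups()
    if code == "O4":
        run = RUN_RE.match(detail)
        if run:                          # registry Run value: key on its name
            return (code, _norm(run.group(1)), _norm(run.group(2))), _norm(run.group(3))
        location, _, target = detail.partition(" = ")    # Startup-folder shortcut
        return (code, _norm(location)), _norm(target)
    clsid = CLSID_RE.search(detail)
    if clsid:                            # key on the CLSID, not the display name
        kind = detail.split(":", 1)[0]
        rest = detail[clsid.end():].lstrip(" -")
        return (code, _norm(kind), clsid.group(0).lower()), _norm(rest)
    name, _, value = detail.partition(" = ")
    return (code, _norm(name)), _norm(value)


def parse_log(text):
    """Map entry key -> value for every entry line in a HijackThis log."""
    entries, pending = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if pending is not None:
            # The first log has a Run entry split over two lines inside the
            # [value name]; rejoin it so the command is not lost.
            line, pending = pending + line, None
        elif line.startswith("O4 - ") and "[" in line and "]" not in line:
            pending = line
            continue
        parsed = parse_entry(line)
        if parsed:
            entries[parsed[0]] = parsed[1]
    return entries


def diff_logs(before_text, after_text):
    """Classify entries as gone, new, changed or persisting between two logs."""
    before, after = parse_log(before_text), parse_log(after_text)
    both = [k for k in before if k in after]
    return {
        "gone": sorted(k for k in before if k not in after),
        "new": sorted(k for k in after if k not in before),
        "changed": sorted(k for k in both if before[k] != after[k]),
        "persisting": sorted(k for k in both if before[k] == after[k]),
    }


if __name__ == "__main__":
    for status, keys in diff_logs(LOG_BEFORE, LOG_AFTER).items():
        for key in keys:
            print(f"{status:10} {' | '.join(key)}")
```

The diff only narrows down what still has to be reviewed: a persisting or new entry is not by itself a finding, and an entry that is gone from the log says nothing about files left on disk.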

  8. #8
    Beginner
    Registered since
    30.06.2005
    Posts
    8

    Re: my log file,any problem?pls help thank in advance

    ewido scan report, thanks

    Code:
    ---------------------------------------------------------
     ewido security suite - Scan report
    ---------------------------------------------------------
    
     + Created on:			6:56:32 PM, 7/1/2005
     + Report-Checksum:		2053D381
    
     + Date of database:		7/1/2005
     + Version of scan engine:	v3.0
    
     + Duration:				120 min
     + Scanned Files:			170234
     + Speed:				23.56 Files/Second
     + Infected files:			164
     + Removed files:			132
     + Files put in quarantine:		132
     + Files that could not be opened:	0
     + Files that could not be cleaned:	32
    
     + Binder:		Yes
     + Crypter:		Yes
     + Archives:		Yes
    
     + Scanned items:
    	C:\
    	D:\
    
     + Scan result:
    	C:\Documents and Settings\Owner\Application Data\Bleh Dvd\BIKE SLOW NEW ACID.exe -> Spyware.Lop.l -> Cleaned with backup
    	C:\Documents and Settings\Owner\Application Data\Bleh Dvd\extra dale wait.exe -> Spyware.Lop.l -> Cleaned with backup
    	C:\Documents and Settings\Owner\Application Data\Bleh Dvd\Fork Inter Wait Corn.exe -> Spyware.Lop.l -> Cleaned with backup
    	C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-3006fde7-40a22dc4.class -> Trojan.Byteverify -> Cleaned with backup
    	C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-70bda4ef-56fca7ad.class -> Trojan.Nocheat -> Cleaned with backup
    	C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\ok.class-756da23d-48fba15e.class -> Trojan.Nocheat -> Cleaned with backup
    	C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\SecurityClassLoader.class-6fd9f626-5432e635.class -> TrojanDownloader.Small.WV -> Cleaned with backup
    	C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-31548af4-5676a63a.zip/Gummy.class -> Trojan.Java.Femad -> Error during cleaning
    	C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-3cd8601-1f6088e0.zip/Gummy.class -> Trojan.Java.Femad -> Error during cleaning
    	C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-3f46430c-19d3ebd2.zip/Gummy.class -> Trojan.Java.Femad -> Error during cleaning
    	C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-5157872c-64b2e2f1.zip/Gummy.class -> Trojan.Java.Femad -> Error during cleaning
    	C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-6e515e1-6693923e.zip/Gummy.class -> Trojan.Java.Femad -> Error during cleaning
    	C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-77402a30-5aae4cc6.zip/Gummy.class -> Trojan.Java.Femad -> Error during cleaning
    	C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-78ee691-70a0495f.zip/Gummy.class -> Trojan.Java.Femad -> Error during cleaning
    	C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.zip-1946ff78-5c5dd9b7.zip/Counter.class -> Trojan.Java.Femad -> Error during cleaning
    	C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.zip-1946ff78-5c5dd9b7.zip/Gummy.class -> Trojan.Java.Femad -> Error during cleaning
    	C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.zip-1946ff78-5c5dd9b7.zip/Beyond.class -> Trojan.Java.Femad -> Error during cleaning
    	C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.zip-1946ff78-5c5dd9b7.zip/web.exe -> Trojan.Small.ai -> Error during cleaning
    	C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.zip-3bf7f9b4-5a558a57.zip/Counter.class -> Trojan.Java.Femad -> Error during cleaning
    	C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.zip-3bf7f9b4-5a558a57.zip/Gummy.class -> Trojan.Java.Femad -> Error during cleaning
    	C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.zip-3bf7f9b4-5a558a57.zip/Beyond.class -> Trojan.Java.Femad -> Error during cleaning
    	C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.zip-3bf7f9b4-5a558a57.zip/web.exe -> Trojan.Small.ai -> Error during cleaning
    	C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.zip-786d8b05-27238f24.zip/Counter.class -> Trojan.Java.Femad -> Error during cleaning
    	C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.zip-786d8b05-27238f24.zip/Gummy.class -> Trojan.Java.Femad -> Error during cleaning
    	C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.zip-786d8b05-27238f24.zip/Beyond.class -> Trojan.Java.Femad -> Error during cleaning
    	C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.jar-7271642a-71cfa4cc.zip/Dummy.class -> Trojan.ClassLoader.Dummy.d -> Error during cleaning
    	C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counters.jar-41c90c26-327a234e.zip/Counter.class -> Trojan.Java.Femad -> Error during cleaning
    	C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counters.jar-41c90c26-327a234e.zip/Gummy.class -> Trojan.Java.Femad -> Error during cleaning
    	C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counters.jar-41c90c26-327a234e.zip/VerifierBug.class -> Trojan.Java.Femad -> Error during cleaning
    	C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counters.jar-41c90c26-327a234e.zip/Xeyond.class -> Trojan.Java.Femad -> Error during cleaning
    	C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\Counters.jar-64e31c12-3a4d4058.zip/Counter.class -> Trojan.Java.Femad -> Error during cleaning
    	C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\Counters.jar-64e31c12-3a4d4058.zip/VerifierBug.class -> Trojan.Java.Femad -> Error during cleaning
    	C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\Counters.jar-64e31c12-3a4d4058.zip/Gummy.class -> Trojan.Java.Femad -> Error during cleaning
    	C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\Counters.jar-64e31c12-3a4d4058.zip/Xeyond.class -> Trojan.Java.Femad -> Error during cleaning
    	C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\Counters.jar-64e31c12-3a4d4058.zip/web.exe -> TrojanDropper.Small.ja -> Error during cleaning
    	C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv201.jar-280e5f12-7a3f22bf.zip/Counter.class -> Trojan.ClassLoader.h -> Error during cleaning
    	C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv67.jar-15808673-1e42dcd3.zip/Counter.class -> Trojan.ClassLoader.h -> Error during cleaning
    	C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv74.jar-170b189c-26e8ae7c.zip/Counter.class -> Trojan.ClassLoader.h -> Error during cleaning
    	C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv79.jar-17518e14-62df6c03.zip/Counter.class -> Trojan.ClassLoader.h -> Error during cleaning
    	C:\Documents and Settings\Owner\Cookies\owner@12438235[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Cookies\owner@2418715[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Cookies\owner@3355774[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Cookies\owner@34026770[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Cookies\owner@5355539[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Cookies\owner@ads.monster[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Cookies\owner@adserver.news.com[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Cookies\owner@advertising[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Cookies\owner@atdmt[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Cookies\owner@blp.valueclick[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Cookies\owner@bluestreak[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Cookies\owner@bravenet[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Cookies\owner@burstnet[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Cookies\owner@cgi-bin[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Cookies\owner@cgi-bin[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Cookies\owner@cgi-bin[4].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Cookies\owner@cgi-bin[5].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Cookies\owner@counter.hitslink[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Cookies\owner@delb.imixserver[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Cookies\owner@depl.imixserver[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Cookies\owner@desky.imixserver[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Cookies\owner@doubleclick[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Cookies\owner@ehg-mastercard.hitbox[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Cookies\owner@fastclick[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Cookies\owner@fcstats.bcentral[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Cookies\owner@geocities[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Cookies\owner@hb.lycos[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Cookies\owner@hg1.hitbox[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Cookies\owner@hitbox[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Cookies\owner@imixserver[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Cookies\owner@linksynergy[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Cookies\owner@myway[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Cookies\owner@overture[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Cookies\owner@perf.overture[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Cookies\owner@perf.overture[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Cookies\owner@phg.hitbox[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Cookies\owner@realmedia[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Cookies\owner@real[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Cookies\owner@S144827[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Cookies\owner@servedby.advertising[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Cookies\owner@servedby.netshelter[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Cookies\owner@server.iad.liveperson[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Cookies\owner@***list[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Cookies\owner@stat.onestat[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Cookies\owner@statse.webtrendslive[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Cookies\owner@valueclick[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Cookies\owner@valueclick[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Cookies\owner@www.lop[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Cookies\owner@z1.adserver[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Cookies\owner@zedo[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Local Settings\Temp\873101.tmp -> Spyware.AltnetBDE -> Cleaned with backup
    	C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@atdmt[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@cgi-bin[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@cgi-bin[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@counter.mtree[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@counter14.***tracker[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@counter15.***tracker[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@counter16.***tracker[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@counter2.***tracker[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@counter6.***tracker[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@doubleclick[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@fastclick[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@hg1.hitbox[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@hitbox[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@image.masterstats[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@linksynergy[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@mediaplex[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@***tracker[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@tribalfusion[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@xxxcounter[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    	C:\Documents and Settings\Owner\Local Settings\Temp\Del10.tmp -> Spyware.180solutions -> Cleaned with backup
    	C:\Documents and Settings\Owner\Local Settings\Temp\fkQa4Na.exe -> TrojanDownloader.IstBar -> Cleaned with backup
    	C:\Documents and Settings\Owner\Local Settings\Temp\fWWY1vQ.exe -> TrojanDownloader.IstBar -> Cleaned with backup
    	C:\Documents and Settings\Owner\Local Settings\Temp\ilzerej.exe -> Worm.Mytob.bi -> Cleaned with backup
    	C:\Documents and Settings\Owner\Local Settings\Temp\msbbhook.dll -> Spyware.180solutions -> Cleaned with backup
    	C:\Documents and Settings\Owner\Local Settings\Temp\ncmyb.dll -> Spyware.180solutions -> Cleaned with backup
    	C:\Documents and Settings\Owner\Local Settings\Temp\optimize.exe -> TrojanDownloader.Dyfuca.du -> Cleaned with backup
    	C:\Documents and Settings\Owner\Local Settings\Temp\p2psetup.exe -> Spyware.P2PNetworking -> Cleaned with backup
    	C:\Documents and Settings\Owner\Local Settings\Temp\powerscan.exe -> Spyware.PowerScan.c -> Cleaned with backup
    	C:\Documents and Settings\Owner\Local Settings\Temp\satmat.exe -> TrojanDownloader.Stubby.d -> Cleaned with backup
    	C:\Documents and Settings\Owner\Local Settings\Temp\THI1D28.tmp\dlmax.dll -> Spyware.DlMax.a -> Cleaned with backup
    	C:\Documents and Settings\Owner\Local Settings\Temp\__unin__.exe -> Spyware.AltnetBDE -> Cleaned with backup
    	C:\LOL.scr -> Worm.VB.d -> Cleaned with backup
    	C:\Program Files\Common Files\adprdbpl\aajnlptjrj\nrpljtfcd.exe -> Spyware.Gator -> Cleaned with backup
    	C:\Program Files\Common Files\adprdbpl\lbnnahdn\fppnjhpt.exe -> Spyware.Gator -> Cleaned with backup
    	C:\Program Files\ISTbar\istbar.dll -> TrojanDownloader.IstBar.ge -> Cleaned with backup
    	C:\Program Files\ISTsvc\istsvc.exe -> TrojanDownloader.IstBar -> Cleaned with backup
    	C:\Program Files\MSN Messenger\riched20.dll -> Spyware.Wesbar -> Cleaned with backup
    	C:\Program Files\MyWay\myBar\1.bin\MY2NS.EXE -> Spyware.MyWay.b -> Cleaned with backup
    	C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL -> Spyware.ToolBar.MyWay.g -> Cleaned with backup
    	C:\Program Files\MyWay\myBar\1.bin\MYWAYPLUGINPROXY.CLASS -> Spyware.MyWay -> Cleaned with backup
    	C:\Program Files\MyWay\myBar\1.bin\NPMYWAY.DLL -> Spyware.MyWay.e -> Cleaned with backup
    	C:\Program Files\Power Scan\powerscan.exe -> Spyware.PowerScan.c -> Cleaned with backup
    	C:\Program Files\SearchRelevancy\SearchRelevancy1.dll -> Spyware.Relevance.b -> Cleaned with backup
    	C:\Program Files\SearchRelevant\SearchRelevant.dll -> Spyware.Relevance -> Cleaned with backup
    	C:\Program Files\Windows AdStatus\WinStat.exe -> Spyware.WinAD.s -> Cleaned with backup
    	C:\Program Files\Windows AdStatus\WinStatComm.dll -> Spyware.WinAD.u -> Cleaned with backup
    	C:\Program Files\Windows AdStatus\WinStatKeep.exe -> Spyware.WinAD.k -> Cleaned with backup
    	C:\Temp\NCasePackage.exe -> Spyware.180solutions -> Cleaned with backup
    	C:\Temp\salm.exe -> Spyware.180Solutions -> Cleaned with backup
    	C:\Temp\salmhook.dll -> Spyware.180solutions -> Cleaned with backup
    	C:\Temp\SearchRelevancy.exe -> Spyware.Relevance.a -> Cleaned with backup
    	C:\Temp\WinCtlAdInstPack.exe -> Spyware.WinAD.f -> Cleaned with backup
    	C:\WINDOWS\cerbmod.dll -> Dialer.Generic -> Cleaned with backup
    	C:\WINDOWS\dlmax.dll -> Spyware.DlMax.a -> Cleaned with backup
    	C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.PornWare.PopCap.b -> Cleaned with backup
    	C:\WINDOWS\hmwevemg.exe -> TrojanDownloader.IstBar.ij -> Cleaned with backup
    	C:\WINDOWS\jesdgl.exe -> TrojanDownloader.IstBar.ij -> Cleaned with backup
    	C:\WINDOWS\m7.exe -> TrojanDownloader.Swizzor.bt -> Cleaned with backup
    	C:\WINDOWS\questmod.dll -> Dialer.Generic -> Cleaned with backup
    	C:\WINDOWS\satmat.exe -> TrojanDownloader.Stubby.d -> Cleaned with backup
    	C:\WINDOWS\Temp\Altnet\adm.exe -> Spyware.Altnet.a -> Cleaned with backup
    	C:\WINDOWS\Temp\Altnet\adm25.dll -> Spyware.Altnet.b -> Cleaned with backup
    	C:\WINDOWS\Temp\Altnet\adm4.dll -> Spyware.Altnet.a -> Cleaned with backup
    	C:\WINDOWS\Temp\Altnet\admdloader.dll -> Spyware.Altnet.b -> Cleaned with backup
    	C:\WINDOWS\Temp\Altnet\admfdi.dll -> Spyware.Altnet.b -> Cleaned with backup
    	C:\WINDOWS\Temp\Altnet\admprog.dll -> Spyware.Altnet.b -> Cleaned with backup
    	C:\WINDOWS\Temp\Altnet\Setup.exe -> Spyware.Altnet.b -> Cleaned with backup
    	C:\WINDOWS\twaintec.dll -> Spyware.BiSpy.o -> Cleaned with backup
    	C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtvh.dll -> Spyware.WildTangent.b -> Cleaned with backup
    	C:\WINDOWS\wt\wtvh.dll -> Spyware.WildTangent.b -> Cleaned with backup
    
    
    ::Report End

  9. #9
    Supermod (retired) Ruby
    Registered since: 25.01.2005
    Location: The Netherlands
    Posts: 20.041

    Re: my log file,any problem?pls help thank in advance

    Hi Yuckz

    1. Turn off System Restore during this process. You will keep it off until we are done fixing your system.

    2. Download the KillBox and save it to your desktop.

    3. Run the Killbox.

    o browse all files and backups made by ewido and the following folders into the killbox:


    C:\Program Files\ISTbar <- this folder
    C:\Program Files\ISTsvc <- this folder
    C:\Program Files\MyWay <- this folder
    C:\Program Files\Power Scan <- this folder
    C:\Program Files\SearchRelevancy <- this folder
    C:\Program Files\Windows AdStatus <- this folder
    C:\WINDOWS\wt <- this folder

    o activate "Replace on Reboot"
    o activate "Use dummy" - then click on the red X
    o "YES"
    o "NO" at the question whether you want to reboot ...

    ... reboot once you have got the last file into the killbox.


    4. Download for free: ccleaner

    5. Go to START > Run, type: cleanmgr and click OK.
    Let it scan your system for files to remove.
    Make sure Temporary Files, Temporary Internet Files,
    and Recycle Bin are the only things checked. Press OK to remove them.

    6. Run the CCleaner
    ==>> Put a checkmark on all items!! under all three tabs.

    7. Run HijackThis once more.
    Have it save a logfile.

    Post it please.

  10. #10
    Beginner
    Registered since: 30.06.2005
    Posts: 8

    Re: my log file,any problem?pls help thank in advance

    new log

    Code:
    Logfile of HijackThis v1.99.1
    Scan saved at 10:26:48 PM, on 7/1/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe
    C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
    c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\ewido\security suite\ewidoguard.exe
    c:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Owner\Desktop\hijackthis_199\HijackThis.exe
    
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [WinCinemaMgr] "C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe"
    O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - Startup: Folding@Home 5.03.lnk = ?
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120169692891
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
