Full Version: hurl.exe
Gladiator Security Forum > Malware Help Forum > HELP! Think you are Infected?
sagaemia
I have hurl.exe on my desktop and I was not able to remove it. Every time I try to delete it, a window pops up saying that it is being used by another user or program. I need assistance.
~thanks
Mosaic1
Post a HijackThis log please. Download and then extract Hijackthis.exe to a new folder. Do not run it from the zip, the desktop, or a temp folder.

Here's a link:
http://www.merijn.org/files/hijackthis.zip

Do not remove anything using HijackThis. Save the log and then copy and paste the contents into your next reply here in this same topic. It lists many types of entries. Some are good, and others need to be removed. We will help you sort it out.
sagaemia
Logfile of HijackThis v1.99.1
Scan saved at 下午 05:38:44, on 2006/2/9
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\SAND\qqfacerclient.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\KevinKo\Desktop\HijackThis.exe

O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - C:\PROGRA~1\KuGoo3\KUGOO3~1.OCX
O4 - HKLM\..\Run: [?? ?"h'??T3r鑒WC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dhneomt.exe
O4 - HKLM\..\Run: [=NOI] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [F ma] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [Komzsbf] C:\Program Files\Oqxks\Rmhkxpw.exe
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [Update] C:\Program Files\Common Files\UPDATE\Update.exe
O4 - HKLM\..\Run: [res] C:\WINDOWS\system32\res.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1138168184\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O8 - Extra context menu item: ???? - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/246
O8 - Extra context menu item: 使用KuGoo3下载(&K) - C:\Program Files\KuGoo3\KuGoo3DownX.htm
O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {886DDE35-E585-11D0-A707-000000521958} - http://69.56.176.76/webplugin.cab
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: Windows Print Controller (Universal Disk Manager) - COMENET TECHNOLOGY - C:\Program Files\Common Files\SAND\qqfacerclient.exe
Mosaic1
Hurl.exe is created by Real Player when you download music. Later you'll be restarting into safe mode. See if you can delete it when you get there.


Please download, install, and update the free version of Ewido trojan scanner:
http://www.ewido.net/en/download/


When you run ewido for the first time, you might get a warning "Database could not be found!". Click OK.

From the main ewido screen, click on update in the left menu, then click the Start update button.

After the update finishes (the status bar at the bottom will display "Update successful"), exit Ewido. DO NOT scan yet.


If you are having problems with the updater, you can go to http://www.ewido.net/en/download/updates/ to update manually.
-----------------
You will be restarting into Safe mode later. Here's help if you need it.

To use the F8 key to start Windows XP in Safe mode
Restart the computer.
Some computers have a progress bar that refers to the word BIOS. Others may not let you know what is happening.
As soon as the BIOS loads, begin tapping the F8 key on your keyboard. Do so until the Windows Advanced Options menu appears.
If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. If this happens, restart the computer and try again.
Using the arrow keys on the keyboard, select Safe mode and then press Enter.

-------------------
Restart into safe mode.
Run hijackthis. Select the following items and press the fix checked button:
O4 - HKLM\..\Run: [?? ?"h'??T3r鑒WC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dhneomt.exe
O4 - HKLM\..\Run: [=NOI] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [F ma] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [Komzsbf] C:\Program Files\Oqxks\Rmhkxpw.exe

O4 - HKLM\..\Run: [Update] C:\Program Files\Common Files\UPDATE\Update.exe
O16 - DPF: {886DDE35-E585-11D0-A707-000000521958} - http://69.56.176.76/webplugin.cab
Delete these files:

C:\windows\mrjj.exe
C:\Program Files\Common Files\UPDATE\Update.exe

-------

Next, run a scan with Ewido.

Click on the Scanner button in the left menu, then click on the Start button. This scan can take quite a while to run, so please be patient.

If Ewido finds anything, it will pop up a notification. You can select "remove" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.

When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.

Copy and paste the results from that scan back here when you return to post again.

*Note: Ewido is a free trial product for 14 days. After that you can purchase it for full features OR you can also keep the free version to use as an on-demand scanner (recommended).
You will still be able to manually update Ewido using the *update* button.
---------------


Restart into Regular Windows.

I suspect you have more than what we have seen in just the hijackthis log. We'll have more to do.


Download Autoruns from this page:
http://www.sysinternals.com/Utilities/Autoruns.html

Unzip to a folder and then double click on autoruns.exe.

Wait until the program has finished running (the status line will show 'Ready')
Under the 'Options' menu, make sure that 'Include Empty Sections' is checked.
Wait again until ready.

Be sure the 'Everything' tab is selected.
Select 'File -> Save' and save the output file.

Copy the contents of the Autoruns text file and post its contents in your next reply here.


----------------


You may have to reply more than once to fit all the logs into your response. Please be sure the entire contents of all logs are showing in your responses. Thank you.




Post a startuplist too please. In Hijackthis press the Config Button
Click Misc Tools
Check both boxes next to the Generate StartupList log and then click the generate startuplist log button.

Paste the contents into your next reply here.
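As an added example (not HijackThis code and not from anyone in this thread), here is a small Python triage script that applies some of the cues the helper used above when picking O4 and O16 entries to fix: garbled Run-key names, executables dropped straight into C:\Windows, random-looking file names, and an ActiveX control fetched from a bare IP address. The reason tags and helper names are my own; it is a reading aid, not a verdict, and it will not catch the generic "Update" entry that was removed from experience.

```python
"""Triage helper for HijackThis O4 (Run key) and O16 (ActiveX DPF) lines.

Added example for this thread; it is not HijackThis code and not the
forum's own tooling. It encodes a few cues a human reader uses on such
a log. An entry it does not flag still needs a human look.
"""
import re
from dataclasses import dataclass, field

O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>.*)\] (?P<cmd>.+)$')
O16_RE = re.compile(
    r'^O16 - DPF: \{(?P<clsid>[0-9A-Fa-f-]+)\}(?: \((?P<desc>[^)]*)\))? - (?P<url>\S+)$')
# Characters a legitimate vendor would normally use in a Run value name (ASCII only).
SANE_NAME_RE = re.compile(r"^[A-Za-z0-9 ._()&'!-]+$")
# An executable sitting directly in C:\Windows (not System32 or any subfolder).
WINROOT_EXE_RE = re.compile(r'^[a-z]:\\windows\\[^\\]+\.exe$')
BARE_IPV4_RE = re.compile(r'^\d{1,3}(?:\.\d{1,3}){3}$')

# Constructed sample: the O4/O16 lines from the log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [?? ?"h'??T3r鑒WC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dhneomt.exe
O4 - HKLM\..\Run: [=NOI] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [F ma] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [Komzsbf] C:\Program Files\Oqxks\Rmhkxpw.exe
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [res] C:\WINDOWS\system32\res.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {886DDE35-E585-11D0-A707-000000521958} - http://69.56.176.76/webplugin.cab
""".strip().splitlines()


@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)


def exe_path(cmd: str) -> str:
    """Return the executable path from a Run value, whether quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r'(.+?\.exe)', cmd, re.I)   # unquoted path, possibly followed by args
    return m.group(1) if m else cmd.split()[0]


def looks_random(token: str) -> bool:
    """Alphabetic token of 4+ letters with no vowel at all, e.g. 'mrjj'."""
    return token.isalpha() and len(token) >= 4 and not set(token.lower()) & set('aeiou')


def check_o4(name: str, cmd: str) -> list:
    reasons = []
    if not SANE_NAME_RE.match(name):
        reasons.append('garbled-name')
    path = exe_path(cmd)
    if WINROOT_EXE_RE.match(path.lower()):
        reasons.append('exe-in-windows-root')
    parts = path.replace('/', '\\').split('\\')
    base = re.sub(r'\.exe$', '', parts[-1], flags=re.I)
    parent = parts[-2] if len(parts) >= 2 else ''
    if looks_random(base) or looks_random(parent):
        reasons.append('random-looking-name')
    return reasons


def check_o16(desc, url: str) -> list:
    reasons = []
    if not desc:
        reasons.append('unnamed-activex-control')
    host = re.sub(r'^[a-z]+://', '', url, flags=re.I).split('/')[0]
    if BARE_IPV4_RE.match(host):
        reasons.append('download-from-bare-ip')
    return reasons


def triage(lines) -> list:
    """Return a Finding for every O4/O16 line that trips at least one cue."""
    findings = []
    for line in lines:
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            reasons = check_o4(m['name'], m['cmd'])
        else:
            m = O16_RE.match(line)
            if not m:
                continue
            reasons = check_o16(m['desc'], m['url'])
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(', '.join(f.reasons).ljust(52), f.line[:72])
```

On the sample it flags the two mrjj.exe entries, the dhneomt.exe entry, the Rmhkxpw.exe entry and the unnamed DPF control from 69.56.176.76, and leaves the iTunes, QuickTime, Yahoo and res.exe entries alone.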
sagaemia
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 下午 07:18:54, 2006/2/10
+ Report-Checksum: E784EAA6

+ Scan result:

HKLM\SOFTWARE\Microsoft\Netstat -> Adware.Ezula : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{93CECBB2-6B1B-448D-91B9-72604EF70105} -> Adware.180Solutions : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFF4E223-7019-4CE7-BE03-D7D3C8CCE884} -> Adware.Shorty : Cleaned with backup
HKU\S-1-5-21-3077702801-3347712112-3811928096-1006\Software\DNS -> Adware.Shorty : Cleaned with backup
HKU\S-1-5-21-3077702801-3347712112-3811928096-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0CF098A0-CBAC-4EFB-8451-3AFC201C7222} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-21-3077702801-3347712112-3811928096-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2296428D-C133-4928-B76A-A200FF409572} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-21-3077702801-3347712112-3811928096-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4006DCA3-433D-4FC8-AC36-42DA7797DCB7} -> Adware.eZula : Cleaned with backup
HKU\S-1-5-21-3077702801-3347712112-3811928096-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{55BE9F0D-6CAF-4C3E-B125-5A13A8C9D0EC} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-21-3077702801-3347712112-3811928096-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95C60327-8E17-44D6-98EB-7EB70CC606DD} -> Adware.SafeSurfing : Cleaned with backup
HKU\S-1-5-21-3077702801-3347712112-3811928096-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ADE0443-2AB2-4B23-A3F8-AC520773DE12} -> Adware.Begin2Search : Cleaned with backup
HKU\S-1-5-21-3077702801-3347712112-3811928096-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FBD2EBD0-E6DF-456E-B300-A4D10A90C683} -> Trojan.VB.aft : Cleaned with backup
HKU\S-1-5-21-3077702801-3347712112-3811928096-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFF4E223-7019-4CE7-BE03-D7D3C8CCE884} -> Adware.Shorty : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{93CECBB2-6B1B-448D-91B9-72604EF70105} -> Adware.180Solutions : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFF4E223-7019-4CE7-BE03-D7D3C8CCE884} -> Adware.Shorty : Cleaned with backup
:mozilla.10:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.11:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.12:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.13:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.14:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.15:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.16:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.17:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.18:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.19:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.20:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.23:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.24:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.25:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.26:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.47:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.48:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.49:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.50:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.51:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.52:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.53:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.54:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.55:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.56:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.57:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.58:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.64:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.65:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.66:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.67:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.68:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.69:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.70:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.78:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.79:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.84:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.85:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.91:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.92:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.93:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.94:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.95:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.96:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.99:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.100:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.101:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.102:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.103:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.104:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.105:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.106:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.123:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.124:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.131:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.132:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.139:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.143:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.144:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.145:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.146:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.181:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.182:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.183:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.194:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.195:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.196:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.197:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.209:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
:mozilla.210:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.211:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.212:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.213:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.214:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.215:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.216:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.217:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.218:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.220:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.221:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.222:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.223:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.224:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.241:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.242:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.245:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.251:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.252:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.253:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.254:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.255:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.256:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Linksynergy : Cleaned with backup
:mozilla.257:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Linksynergy : Cleaned with backup
:mozilla.258:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup
:mozilla.279:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.280:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.281:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.282:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.283:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.284:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.286:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.287:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.288:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.289:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.293:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.294:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.295:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.296:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.297:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.298:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.299:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.300:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.301:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.302:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.326:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.336:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.356:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.361:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.362:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.363:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.364:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.389:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.390:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.391:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.392:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.393:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.394:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.395:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.396:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.398:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.399:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.400:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.401:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.402:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.403:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.413:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.414:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.415:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.416:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.424:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.442:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.448:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.449:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.452:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.453:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.457:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.482:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.483:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.484:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.490:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.491:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.496:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.515:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Realtracker : Cleaned with backup
:mozilla.516:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Realtracker : Cleaned with backup
:mozilla.528:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned with backup
:mozilla.540:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.542:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.546:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Enhance : Cleaned with backup
:mozilla.559:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.560:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.561:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.562:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.569:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Trafic : Cleaned with backup
:mozilla.573:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.575:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.584:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.-- The nicest hobby on Earth ;) --counter : Cleaned with backup
:mozilla.585:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.-- The nicest hobby on Earth ;) --counter : Cleaned with backup
:mozilla.586:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Paycounter : Cleaned with backup
:mozilla.594:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Hypertracker : Cleaned with backup
:mozilla.595:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.596:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.607:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Abcsearch : Cleaned with backup
:mozilla.608:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Abcsearch : Cleaned with backup
:mozilla.614:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.616:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.624:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.647:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.648:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.650:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.651:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.653:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.654:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.655:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.656:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\KevinKo\Cookies\kevinko@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\KevinKo\Cookies\kevinko@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\KevinKo\Cookies\kevinko@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\KevinKo\Cookies\kevinko@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\KevinKo\Cookies\kevinko@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\KevinKo\Cookies\kevinko@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\KevinKo\Cookies\kevinko@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\KevinKo\Cookies\kevinko@as1.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\KevinKo\Cookies\kevinko@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\KevinKo\Cookies\kevinko@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\KevinKo\Cookies\kevinko@c5.zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\KevinKo\Cookies\kevinko@data1.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\KevinKo\Cookies\kevinko@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\KevinKo\Cookies\kevinko@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\KevinKo\Cookies\kevinko@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\KevinKo\Cookies\kevinko@hypertracker[1].txt -> TrackingCookie.Hypertracker : Cleaned with backup
C:\Documents and Settings\KevinKo\Cookies\kevinko@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup
C:\Documents and Settings\KevinKo\Cookies\kevinko@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\KevinKo\Cookies\kevinko@paypopup[1].txt -> TrackingCookie.Paypopup : Cleaned with backup
C:\Documents and Settings\KevinKo\Cookies\kevinko@starware[2].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\KevinKo\Cookies\kevinko@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\KevinKo\Cookies\kevinko@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\KevinKo\Cookies\kevinko@targetnet[1].txt -> TrackingCookie.Targetnet : Cleaned with backup
C:\Documents and Settings\KevinKo\Cookies\kevinko@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\KevinKo\Cookies\kevinko@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\KevinKo\Cookies\kevinko@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned with backup
C:\Documents and Settings\KevinKo\Cookies\kevinko@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\KevinKo\Cookies\kevinko@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\KevinKo\Cookies\kevinko@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\KevinKo\Cookies\kevinko@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\Documents and Settings\KevinKo\Cookies\kevinko@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\KevinKo\Local Settings\Temp\180sainstallernusac.exe/clientax.dll -> Adware.180Solutions : Cleaned with backup
C:\Documents and Settings\KevinKo\Local Settings\Temp\180sainstallernusac.exe/clientax.dll -> Adware.180Solutions : Cleaned with backup
C:\Documents and Settings\KevinKo\Local Settings\Temp\99_app99.exe -> Dropper.Agent.xw : Cleaned with backup
C:\Documents and Settings\KevinKo\Local Settings\Temp\i8E.tmp -> Adware.SurfSide : Cleaned with backup
C:\Documents and Settings\KevinKo\Local Settings\Temp\ICD2.tmp\UWFX5_0001_N56M0311NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Cleaned with backup
C:\Documents and Settings\KevinKo\Local Settings\Temp\isinst.exe -> Downloader.IstBar.oe : Cleaned with backup
C:\Documents and Settings\KevinKo\Local Settings\Temp\temp.frC69B -> Adware.180Solutions : Cleaned with backup
C:\mstmp\install\Setup.exe -> Adware.Mediaplex : Cleaned with backup
C:\Program Files\Common Files\SAND\qqfacerclient.exe -> Adware.AdHelper : Cleaned with backup
C:\Program Files\Common Files\system32.dll/Catcher.dll -> Adware.Maxifiles : Cleaned with backup
C:\WINDOWS\=NOI.exe/mrjj.exe -> Trojan.LowZones.am : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWFX5_0001_N57M2811NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWFX6_0001_N68M2301NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWFX5_0001_N57M2811NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWFX6_0001_N68M2301NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWFX5_0001_N57M2811NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\UWFX5_0001_N56M0311NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\UWFX5_0001_N57M2811NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\UWFX6_0001_N57M0912NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\UWFX6_0001_N68M2301NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup
C:\WINDOWS\mynexus.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\WINDOWS\NDNuninstall6_98.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\SYSTEM32\2B28282F2F2E323.exe -> Trojan.VB.aft : Cleaned with backup
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\system@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\WINDOWS\SYSTEM32\Kerzhv.exe -> Adware.DealHelper : Cleaned with backup
C:\WINDOWS\SYSTEM32\magitp.exe -> Logger.VB.eh : Cleaned with backup
C:\WINDOWS\SYSTEM32\res.exe -> Downloader.Small.cdm : Cleaned with backup
C:\WINDOWS\werlqdz.exe -> Downloader.VB.hj : Cleaned with backup


::Report End
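Added example, not code from the original post or from ewido or HijackThis: a small Python triage script for a report in the format above. It separates the tracking-cookie noise from detections that mean something actually executed (trojans, droppers, downloaders, keyloggers) and cross-references the detected files against HijackThis O4 autostart lines, so the Run-key entries that launched a detected file stand out. The sample report and O4 lines embedded below are a constructed excerpt in the same shape as the logs in this thread; which family prefixes count as execution-class is this example's own choice.

```python
import re
from collections import Counter

# Shape of one ewido report line: "<path> -> <detection> : <action>".
# Firefox cookie hits carry a ":mozilla.N:" record prefix in front of the path.
LINE_RE = re.compile(r"^(?::mozilla\.\d+:)?(?P<path>.+?) -> (?P<name>.+?) : (?P<action>.+?)\s*$")
# HijackThis O4 autostart line: "O4 - HKLM\..\Run: [label] command".
O4_RE = re.compile(r"^O4 - .*?: \[(?P<label>[^\]]*)\] (?P<cmd>.+?)\s*$")
# Detection families that mean code ran on the host rather than a cookie being set
# (chosen for this example; adjust to the scanner's naming scheme).
EXECUTION_PREFIXES = ("Trojan.", "Dropper.", "Downloader.", "Logger.", "Backdoor.", "Worm.")

# Constructed excerpt in the report's format (a few lines of the shape seen above).
SAMPLE_REPORT = r"""
:mozilla.336:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\KevinKo\Cookies\kevinko@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\KevinKo\Local Settings\Temp\99_app99.exe -> Dropper.Agent.xw : Cleaned with backup
C:\Program Files\Common Files\SAND\qqfacerclient.exe -> Adware.AdHelper : Cleaned with backup
C:\WINDOWS\=NOI.exe/mrjj.exe -> Trojan.LowZones.am : Cleaned with backup
C:\WINDOWS\SYSTEM32\magitp.exe -> Logger.VB.eh : Cleaned with backup
C:\WINDOWS\SYSTEM32\res.exe -> Downloader.Small.cdm : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\UWFX5_0001_N56M0311NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Cleaned with backup

::Report End
"""

# Constructed HijackThis O4 lines in the shape of the earlier log in this thread.
SAMPLE_HIJACKTHIS = r"""
O4 - HKLM\..\Run: [=NOI] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [Komzsbf] C:\Program Files\Oqxks\Rmhkxpw.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

def parse_report(text):
    """Yield one dict (path, name, action) per detection line; headers, blanks and '::Report End' are skipped."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.groupdict()

def classify(name):
    """Bucket a detection name: cookie (noise), execution (code ran), adware (everything else)."""
    if name.startswith("TrackingCookie."):
        return "cookie"
    if name.startswith(EXECUTION_PREFIXES):
        return "execution"
    return "adware"          # Adware.*, Not-A-Virus.* and other PUP classes

def triage(text):
    """Return (counts per class, execution-class hits in report order)."""
    dets = list(parse_report(text))
    counts = Counter(classify(d["name"]) for d in dets)
    hits = [d for d in dets if classify(d["name"]) == "execution"]
    return dict(counts), hits

def report_basename(path):
    # ewido writes "outer.exe/inner.dll" for a file found inside another file;
    # the inner name is the one to match against autostart entries.
    return re.split(r"[\\/]", path)[-1].lower()

def command_basename(cmd):
    # An O4 value may be quoted or carry arguments; keep only the executable part.
    m = re.match(r'^"?(?P<exe>[^"]*?\.(?:exe|dll|ocx|scr|com))', cmd, re.IGNORECASE)
    return report_basename(m.group("exe") if m else cmd.split()[0])

def cross_check(report_text, hijackthis_text):
    """Map each HijackThis O4 label to the ewido detection of the file it launches (non-cookie hits only)."""
    detected = {report_basename(d["path"]): d["name"]
                for d in parse_report(report_text) if classify(d["name"]) != "cookie"}
    found = {}
    for raw in hijackthis_text.splitlines():
        m = O4_RE.match(raw.strip())
        if m and command_basename(m.group("cmd")) in detected:
            found[m.group("label")] = detected[command_basename(m.group("cmd"))]
    return found

if __name__ == "__main__":
    counts, hits = triage(SAMPLE_REPORT)
    print(counts)
    for h in hits:
        print(f"{h['name']:<28} {h['path']}")
    print("autostart entries launching detected files:", cross_check(SAMPLE_REPORT, SAMPLE_HIJACKTHIS))
```

"Cleaned with backup" means the file was quarantined, not that the autostart entry pointing at it is gone; the cross-check is what tells you which Run-key values still need removing (and which will simply error at next logon).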
sagaemia
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
+ C:\WINDOWS\system32\userinit.exe Userinit Logon Application Microsoft Corporation c:\windows\system32\userinit.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
+ Explorer.exe Windows Explorer Microsoft Corporation c:\windows\explorer.exe
C:\Documents and Settings\KevinKo\Start Menu\Programs\Startup
+ Trillian.lnk Trillian Cerulean Studios c:\program files\trillian\trillian.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
+ AIM AOL Instant Messenger America Online, Inc. c:\program files\aim\aim.exe
+ ctfmon.exe CTF Loader Microsoft Corporation c:\windows\system32\ctfmon.exe
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
+ Address Book 6 Outlook Express Setup Library Microsoft Corporation c:\program files\outlook express\setup50.exe
+ Browser Customizations Microsoft Internet Explorer Customization DLL Microsoft Corporation c:\windows\system32\iedkcs32.dll
+ Fax ADVPACK Microsoft Corporation c:\windows\system32\advpack.dll
+ Internet Explorer Windows NT User Data Migration Tool Microsoft Corporation c:\windows\system32\shmgrate.exe
+ Internet Explorer Windows Setup API Microsoft Corporation c:\windows\system32\setupapi.dll
+ Internet Explorer 6 IE 5.0 Per-User Install Utility Microsoft Corporation c:\windows\system32\ie4uinit.exe
+ Microsoft Outlook Express 6 Outlook Express Setup Library Microsoft Corporation c:\program files\outlook express\setup50.exe
+ Microsoft Windows Media Player Microsoft Windows Media Player Setup Utility Microsoft Corporation c:\windows\inf\unregmp2.exe
+ Microsoft Windows Media Player ADVPACK Microsoft Corporation c:\windows\system32\advpack.dll
+ NetMeeting 3.01 ADVPACK Microsoft Corporation c:\windows\system32\advpack.dll
+ Outlook Express Windows NT User Data Migration Tool Microsoft Corporation c:\windows\system32\shmgrate.exe
+ Themes Setup Microsoft© Register Server Microsoft Corporation c:\windows\system32\regsvr32.exe
+ Windows Desktop Update Microsoft© Register Server Microsoft Corporation c:\windows\system32\regsvr32.exe
+ Windows Messenger 4.7 ADVPACK Microsoft Corporation c:\windows\system32\advpack.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
+ Browseui preloader Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Component Categories cache daemon Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
+ CDBurn Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ PostBootReminder Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ SysTray Systray shell service object Microsoft Corporation c:\windows\system32\stobject.dll
+ UPnPMonitor UPNP Tray Monitor and Folder Microsoft Corporation c:\windows\system32\upnpui.dll
+ WebCheck File not found: CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
+ ewido shell guard c:\program files\ewido anti-malware\shellhook.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ %DESC_PublishDropTarget% Photo Printing Wizard Microsoft Corporation c:\windows\system32\photowiz.dll
+ &Address Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ .CAB file viewer Cabinet File Viewer Shell Extension Microsoft Corporation c:\windows\system32\cabview.dll
+ Accessible Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ ActiveX Cache Folder Object Control Viewer Microsoft Corporation c:\windows\system32\occache.dll
+ Address EditBox Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Administrative Tools Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ AlcoholShellEx AXShlEx.dll Alcohol Soft Development Team c:\program files\alcohol soft\alcohol 120\axshlex.dll
+ Audio Media Properties Handler Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll
+ Augmented Shell Folder Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Augmented Shell Folder 2 Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Auto Update Property Sheet Extension Automatic Updates Control Panel Microsoft Corporation c:\windows\system32\wuaucpl.cpl
+ Avi Properties Handler Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll
+ BandProxy Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Briefcase Windows Briefcase Microsoft Corporation c:\windows\system32\syncui.dll
+ CDF Extension Copy Hook Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Channel File Channel Definition File Viewer Microsoft Corporation c:\windows\system32\cdfview.dll
+ Channel Handler Object Channel Definition File Viewer Microsoft Corporation c:\windows\system32\cdfview.dll
+ Channel Menu Channel Definition File Viewer Microsoft Corporation c:\windows\system32\cdfview.dll
+ Channel Properties Channel Definition File Viewer Microsoft Corporation c:\windows\system32\cdfview.dll
+ Channel Shortcut Channel Definition File Viewer Microsoft Corporation c:\windows\system32\cdfview.dll
+ Code Download Agent Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll
+ Compatibility Page Compatibility Tab Shell Extension DLL Microsoft Corporation c:\windows\system32\slayerxp.dll
+ Compressed (zipped) Folder Compressed (zipped) Folders Microsoft Corporation c:\windows\system32\zipfldr.dll
+ Compressed (zipped) Folder Right Drag Handler Compressed (zipped) Folders Microsoft Corporation c:\windows\system32\zipfldr.dll
+ Compressed (zipped) Folder SendTo Target Compressed (zipped) Folders Microsoft Corporation c:\windows\system32\zipfldr.dll
+ ConnectionAgent Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll
+ Crypto PKO Extension Crypto Shell Extensions Microsoft Corporation c:\windows\system32\cryptext.dll
+ Crypto Sign Extension Crypto Shell Extensions Microsoft Corporation c:\windows\system32\cryptext.dll
+ Custom MRU AutoCompleted List Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Darwin App Publisher Shell Application Manager Microsoft Corporation c:\windows\system32\appwiz.cpl
+ DfsShell Distributed File System shell extension Microsoft Corporation c:\windows\system32\dfsshlex.dll
+ Directory Context Menu Verbs Directory Service Common UI Microsoft Corporation c:\windows\system32\dsuiext.dll
+ Directory Object Find Directory Service Find Microsoft Corporation c:\windows\system32\dsquery.dll
+ Directory Property UI Directory Service Common UI Microsoft Corporation c:\windows\system32\dsuiext.dll
+ Directory Query UI Directory Service Find Microsoft Corporation c:\windows\system32\dsquery.dll
+ Directory Start/Search Find Directory Service Find Microsoft Corporation c:\windows\system32\dsquery.dll
+ Disk Copy Extension Windows DiskCopy Microsoft Corporation c:\windows\system32\diskcopy.dll
+ Disk Quota UI Windows Shell Disk Quota UI DLL Microsoft Corporation c:\windows\system32\dskquoui.dll
+ Display Adapter CPL Extension Advanced display adapter properties Microsoft Corporation c:\windows\system32\deskadp.dll
+ Display Monitor CPL Extension Advanced display monitor properties Microsoft Corporation c:\windows\system32\deskmon.dll
+ Display Panning CPL Extension File not found: deskpan.dll
+ Display TroubleShoot CPL Extension Advanced display performance properties Microsoft Corporation c:\windows\system32\deskperf.dll
+ Download Status Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ DriveLetterAccess Drive Letter Access Component Sonic Solutions c:\windows\system32\dla\tfswshx.dll
+ DS Security Page Directory Service Security UI Microsoft Corporation c:\windows\system32\dssec.dll
+ E-mail Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Explorer Band Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Extensions Manager Folder Extensions Manager Microsoft Corporation c:\windows\system32\extmgr.dll
+ Favorites Band Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Fonts Windows Font Folder Microsoft Corporation c:\windows\system32\fontext.dll
+ Fonts Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ For &People... Find People Microsoft Corporation c:\program files\outlook express\wabfind.dll
+ FTP Folders Webview Microsoft Internet Explorer FTP Folder Shell Extension Microsoft Corporation c:\windows\system32\msieftp.dll
+ Fusion Cache Microsoft .NET Runtime Execution Engine Microsoft Corporation c:\windows\system32\mscoree.dll
+ GDI+ file thumbnail extractor Windows Picture and Fax Viewer Microsoft Corporation c:\windows\system32\shimgvw.dll
+ Get a Passport Wizard Map Network Drives/Network Places Wizard Microsoft Corporation c:\windows\system32\netplwiz.dll
+ Global Folder Settings Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Help and Support Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Help and Support Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ History Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ HTML Thumbnail Extractor Windows Picture and Fax Viewer Microsoft Corporation c:\windows\system32\shimgvw.dll
+ HyperTerminal Icon Ext HyperTerminal Applet Library Hilgraeve, Inc. c:\windows\system32\hticons.dll
+ ICC Profile Microsoft Color Matching System User Interface DLL Microsoft Corporation c:\windows\system32\icmui.dll
+ ICM Monitor Management Microsoft Color Matching System User Interface DLL Microsoft Corporation c:\windows\system32\icmui.dll
+ ICM Printer Management Microsoft Color Matching System User Interface DLL Microsoft Corporation c:\windows\system32\icmui.dll
+ ICM Scanner Management Microsoft Color Matching System User Interface DLL Microsoft Corporation c:\windows\system32\icmui.dll
+ IE4 Suite Splash Screen Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ In-pane search Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Installed Apps Enumerator Shell Application Manager Microsoft Corporation c:\windows\system32\appwiz.cpl
+ Internet Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Internet Name Space Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ InternetShortcut Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ ISFBand OC Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ iTunes iTunes Mini Player DLL Apple Computer, Inc. c:\program files\itunes\itunesminiplayer.dll
+ Microsoft Agent Character Property Sheet Handler Microsoft Agent Property Sheet Handler Microsoft Corporation c:\windows\msagent\agentpsh.dll
+ Microsoft AutoComplete Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Microsoft Browser Architecture Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Microsoft BrowserBand Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Microsoft Data Link Microsoft Data Access - OLE DB Core Services Microsoft Corporation c:\program files\common files\system\ole db\oledb32.dll
+ Microsoft DocProp Inplace Calendar Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll
+ Microsoft DocProp Inplace Droplist Combo Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll
+ Microsoft DocProp Inplace Edit Box Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll
+ Microsoft DocProp Inplace ML Edit Box Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll
+ Microsoft DocProp Inplace Time Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll
+ Microsoft DocProp Shell Ext Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll
+ Microsoft History AutoComplete List Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Microsoft Internet Toolbar Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Microsoft Multiple AutoComplete List Container Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Microsoft Shell Folder AutoComplete List Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Microsoft Url History Service Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Microsoft Url Search Hook Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Midi Properties Handler Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll
+ MMC Icon Handler MMC Shell Extension DLL Microsoft Corporation c:\windows\system32\mmcshext.dll
+ MRU AutoComplete List Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Multimedia File Property Sheet Control Panel Drivers Applet Microsoft Corporation c:\windows\system32\mmsys.cpl
+ MyDocs Copy Hook My Documents Folder UI Microsoft Corporation c:\windows\system32\mydocs.dll
+ MyDocs Drop Target My Documents Folder UI Microsoft Corporation c:\windows\system32\mydocs.dll
+ MyDocs Properties My Documents Folder UI Microsoft Corporation c:\windows\system32\mydocs.dll
+ Network Connections Network Connections Shell Microsoft Corporation c:\windows\system32\netshell.dll
+ Network Connections Network Connections Shell Microsoft Corporation c:\windows\system32\netshell.dll
+ NTFS Security Page Security Shell Extension Microsoft Corporation c:\windows\system32\rshx32.dll
+ Offline Files Folder Client Side Caching UI Microsoft Corporation c:\windows\system32\cscui.dll
+ Offline Files Folder Options Client Side Caching UI Microsoft Corporation c:\windows\system32\cscui.dll
+ Offline Files Menu Client Side Caching UI Microsoft Corporation c:\windows\system32\cscui.dll
+ OLE Docfile Property Page OLE DocFile Property Page Microsoft Corporation c:\windows\system32\docprop.dll
+ PlusPack CPL Extension Windows Theme API Microsoft Corporation c:\windows\system32\themeui.dll
+ Portable Media Devices Portable Media Devices Shell Extension Microsoft Corporation c:\windows\system32\audiodev.dll
+ Portable Media Devices Menu Portable Media Devices Shell Extension Microsoft Corporation c:\windows\system32\audiodev.dll
+ PostAgent Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll
+ Previous Versions Previous Versions property page Microsoft Corporation c:\windows\system32\twext.dll
+ Previous Versions Property Page Previous Versions property page Microsoft Corporation c:\windows\system32\twext.dll
+ Print Ordering via the Web Map Network Drives/Network Places Wizard Microsoft Corporation c:\windows\system32\netplwiz.dll
+ Printers Security Page Security Shell Extension Microsoft Corporation c:\windows\system32\rshx32.dll
+ RecordNow! SendToExt Shell Extensions c:\program files\sonic\recordnow!\shlext.dll
+ Registry Tree Options Utility Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Remote Sessions CPL Extension Remote Sessions CPL Extension Microsoft Corporation c:\windows\system32\remotepg.dll
+ Run... Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Scanners & Cameras Imaging Devices Shell Folder UI Microsoft Corporation c:\windows\system32\wiashext.dll
+ Scanners & Cameras Imaging Devices Shell Folder UI Microsoft Corporation c:\windows\system32\wiashext.dll
+ Scanners & Cameras Imaging Devices Shell Folder UI Microsoft Corporation c:\windows\system32\wiashext.dll
+ Scanners & Cameras Imaging Devices Shell Folder UI Microsoft Corporation c:\windows\system32\wiashext.dll
+ Scanners & Cameras Imaging Devices Shell Folder UI Microsoft Corporation c:\windows\system32\wiashext.dll
+ Scheduled Tasks Task Scheduler interface DLL Microsoft Corporation c:\windows\system32\mstask.dll
+ Search Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Search Assistant OC Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Search Band Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Sendmail service Send Mail Microsoft Corporation c:\windows\system32\sendmail.dll
+ Sendmail service Send Mail Microsoft Corporation c:\windows\system32\sendmail.dll
+ Set Program Access and Defaults Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Shell Application Manager Shell Application Manager Microsoft Corporation c:\windows\system32\appwiz.cpl
+ Shell Automation Inproc Service Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Shell Band Site Menu Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Shell DeskBar Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Shell DeskBarApp Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Shell DocObject Viewer Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll
+ Shell extensions for Microsoft Windows Network objects Network object shell UI Microsoft Corporation c:\windows\system32\ntlanui2.dll
+ Shell Extensions for RealOne Player RealPlayer Shell Extensions RealNetworks, Inc. c:\program files\ace mega codecs pack\systems\realmedia\rpshell.dll
+ Shell extensions for sharing Shell extensions for sharing Microsoft Corporation c:\windows\system32\ntshrui.dll
+ Shell extensions for sharing Shell extensions for sharing Microsoft Corporation c:\windows\system32\ntshrui.dll
+ Shell extensions for Windows Script Host Microsoft ® Shell Extension for Windows Script Host Microsoft Corporation c:\windows\system32\wshext.dll
+ Shell Image Data Factory Windows Picture and Fax Viewer Microsoft Corporation c:\windows\system32\shimgvw.dll
+ Shell Image Property Handler Windows Picture and Fax Viewer Microsoft Corporation c:\windows\system32\shimgvw.dll
+ Shell Image Verbs Windows Picture and Fax Viewer Microsoft Corporation c:\windows\system32\shimgvw.dll
+ Shell properties for a DS object Directory Service Find Microsoft Corporation c:\windows\system32\dsquery.dll
+ Shell Publishing Wizard Object Map Network Drives/Network Places Wizard Microsoft Corporation c:\windows\system32\netplwiz.dll
+ Shell Rebar BandSite Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Shell Scrap DataHandler Shell scrap object handler Microsoft Corporation c:\windows\system32\shscrap.dll
+ Shell Search Band Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll
+ Subscription Folder Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll
+ Subscription Mgr Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll
+ Summary Info Thumbnail handler (DOCFILES) Windows Picture and Fax Viewer Microsoft Corporation c:\windows\system32\shimgvw.dll
+ Synaptics Control Panel TouchPad Control Panel Extensions Synaptics, Inc.
c:\program files\synaptics\syntp\syntpcpl.dll + Taskbar and Start Menu Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll + Tasks Folder Icon Handler Task Scheduler interface DLL Microsoft Corporation c:\windows\system32\mstask.dll + Tasks Folder Shell Extension Task Scheduler interface DLL Microsoft Corporation c:\windows\system32\mstask.dll + Temporary Internet Files Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + Temporary Internet Files Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + The Internet Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll + Track Popup Bar Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + TrayAgent Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll + TridentImageExtractor Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Universal Plug and Play Devices UPNP Tray Monitor and Folder Microsoft Corporation c:\windows\system32\upnpui.dll + User Accounts Map Network Drives/Network Places Wizard Microsoft Corporation c:\windows\system32\netplwiz.dll + User Assist Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + Video Media Properties Handler Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll + Video Thumbnail Extractor Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll + Wav Properties Handler Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll + Web Folders Microsoft Web Folders Microsoft Corporation c:\program files\common files\microsoft shared\web folders\mson-- The nicest hobby on Earth ;) --t.dll + Web Printer Shell Extension Print UI DLL Microsoft Corporation c:\windows\system32\printui.dll + Web Publishing Wizard Map 
Network Drives/Network Places Wizard Microsoft Corporation c:\windows\system32\netplwiz.dll + Web Search Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll + WebCheck SyncMgr Handler Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll + WebCheckChannelAgent Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll + WebCheckWebCrawler Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll + Windows Media Player Add to Playlist Context Menu Handler Windows Media Player Launcher Microsoft Corporation c:\windows\system32\wmpshell.dll + Windows Media Player Burn Audio CD Context Menu Handler Windows Media Player Launcher Microsoft Corporation c:\windows\system32\wmpshell.dll + Windows Media Player Play as Playlist Context Menu Handler Windows Media Player Launcher Microsoft Corporation c:\windows\system32\wmpshell.dll + WinRAR shell extension c:\program files\winrar\rarext.dll HKLM\Software\Classes\Folder\Shellex\ColumnHandlers + PDF Shell Extension PDF Shell Extension Adobe Systems, Inc. c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll + {0D2E74C4-3C34-11d2-A27E-00C04FC30871} Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll + {24F14F01-7B1C-11d1-838f-0000F80461CF} Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll + {24F14F02-7B1C-11d1-838f-0000F80461CF} Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll + {66742402-F9B9-11D1-A202-0000F81FEDEE} Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks + shdocvw.dll Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll HKLM\Software\Microsoft\Internet Explorer\Extensions + AIM AOL Instant Messenger America Online, Inc. 
c:\program files\aim\aim.exe
+ Uninstall BitDefender Online Scanner v8 c:\windows\bdoscandel.exe
Task Scheduler
+ ISP signup reminder 1.job Windows OOBE Balloon Reminder Microsoft Corporation c:\windows\system32\oobe\oobebaln.exe
+ McAfee.com Scan for Viruses - My Computer (KEVIN-KevinKo).job File not found: c:\program files\mcafee.com\vso\mcmnhdlr.exe
HKLM\System\CurrentControlSet\Services
+ 6to4 Provides DDNS name registration and automatic IPv6 connectivity over an IPv4 network. If this service is stopped, other computers may not be able to reach it by name and the machine will only have IPv6 connectivity if it is connected to a native IPv6 network. If this service is disabled, any other services that explicitly depend on this service will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe
+ AudioSrv Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe
+ Browser Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe
+ CryptSvc Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe
+ DcomLaunch Provides launch functionality for DCOM services. Microsoft Corporation c:\windows\system32\svchost.exe
+ Dhcp Manages network configuration by registering and updating IP addresses and DNS names. Microsoft Corporation c:\windows\system32\svchost.exe
+ Dnscache Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe
+ ERSvc Allows error reporting for services and applictions running in non-standard environments. Microsoft Corporation c:\windows\system32\svchost.exe
+ Eventlog Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped. Microsoft Corporation c:\windows\system32\services.exe
+ ewido security suite control ewido control ewido networks c:\program files\ewido anti-malware\ewidoctrl.exe
+ ewido security suite guard guard ewido networks c:\program files\ewido anti-malware\ewidoguard.exe
+ Fax Enables you to send and receive faxes, utilizing fax resources available on this computer or on the network. Microsoft Corporation c:\windows\system32\fxssvc.exe
+ Framework [description is in Chinese; translated: Windows run accelerator, providing fast launch, recovery and acceleration of software. This service cannot be stopped. Original: Windows 运行加速器,提供软件的快速运行,恢复,以及加速功能。无法终止此服务。] Microsoft Corporation c:\windows\system32\svchost.exe
+ helpsvc Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe
+ lanmanserver Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe
+ lanmanworkstation Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe
+ LmHosts Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution. Microsoft Corporation c:\windows\system32\svchost.exe
+ PlugPlay Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability. Microsoft Corporation c:\windows\system32\services.exe
+ PolicyAgent Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver. Microsoft Corporation c:\windows\system32\lsass.exe
+ ProtectedStorage Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users. Microsoft Corporation c:\windows\system32\lsass.exe
+ RpcSs Provides the endpoint mapper and other miscellaneous RPC services. Microsoft Corporation c:\windows\system32\svchost.exe
+ SamSs Stores security information for local user accounts. Microsoft Corporation c:\windows\system32\lsass.exe
+ Schedule Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe
+ seclogon Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe
+ SENS Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events. Microsoft Corporation c:\windows\system32\svchost.exe
+ SharedAccess Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. Microsoft Corporation c:\windows\system32\svchost.exe
+ ShellHWDetection Provides notifications for AutoPlay hardware events. Microsoft Corporation c:\windows\system32\svchost.exe
+ Spooler Loads files to memory for later printing. Microsoft Corporation c:\windows\system32\spoolsv.exe
+ srservice Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties Microsoft Corporation c:\windows\system32\svchost.exe
+ Themes Provides user experience theme management. Microsoft Corporation c:\windows\system32\svchost.exe
+ TrkWks Maintains links between NTFS files within a computer or across computers in a network domain. Microsoft Corporation c:\windows\system32\svchost.exe
+ UMWdf Enables Windows user mode drivers. Microsoft Corporation c:\windows\system32\wdfmgr.exe
+ Universal Disk Manager [description is Chinese text that was mis-encoded in the posted log; it decodes to roughly: Windows printing subsystem, providing secure and fast printing services.] File not found: C:\Program Files\Common Files\SAND\qqfacerclient.exe
+ w32time Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe
+ WebClient Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe
+ winmgmt Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe
+ wscsvc Monitors system security settings and configurations. Microsoft Corporation c:\windows\system32\svchost.exe
+ wuauserv Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. Microsoft Corporation c:\windows\system32\svchost.exe
+ WZCSVC Provides automatic configuration for the 802.11 adapters Microsoft Corporation c:\windows\system32\svchost.exe
HKLM\System\CurrentControlSet\Services
+ abp480n5 AdvanSys SCSI Controller Driver Microsoft Corporation c:\windows\system32\drivers\abp480n5.sys
+ ACPI ACPI Driver for NT Microsoft Corporation c:\windows\system32\drivers\acpi.sys
+ adpu160m Adaptec Ultra160 SCSI miniport Microsoft Corporation c:\windows\system32\drivers\adpu160m.sys
+ aec Microsoft Acoustic Echo Canceller Microsoft Corporation c:\windows\system32\drivers\aec.sys
+ AFD AFD Networking Support Environment Microsoft Corporation c:\windows\system32\drivers\afd.sys
+ agp440 440 NT AGP Filter Microsoft Corporation c:\windows\system32\drivers\agp440.sys
+ agpCPQ CompatNT AGP Filter Microsoft Corporation c:\windows\system32\drivers\agpcpq.sys
+ Aha154x Adaptec AHA-154x series SCSI miniport Microsoft Corporation c:\windows\system32\drivers\aha154x.sys
+ aic78u2 Adaptec Ultra2 SCSI miniport Microsoft Corporation c:\windows\system32\drivers\aic78u2.sys
+ aic78xx Adaptec Ultra SCSI miniport Microsoft Corporation c:\windows\system32\drivers\aic78xx.sys
+ AliIde ALi mini IDE Driver Acer Laboratories Inc.
c:\windows\system32\drivers\aliide.sys
+ alim1541 ALi M1541 NT AGP Filter Microsoft Corporation c:\windows\system32\drivers\alim1541.sys
+ amdagp AMD Win2000 AGP Filter Advanced Micro Devices, Inc. c:\windows\system32\drivers\amdagp.sys
+ amsint AMD SCSI/NET Controller Microsoft Corporation c:\windows\system32\drivers\amsint.sys
+ APPDRV App Support Driver Dell Inc c:\windows\system32\drivers\appdrv.sys
+ asc AdvanSys SCSI Controller Driver Advanced System Products, Inc. c:\windows\system32\drivers\asc.sys
+ asc3350p AdvanSys SCSI Card Driver Microsoft Corporation c:\windows\system32\drivers\asc3350p.sys
+ asc3550 AdvanSys Ultra-Wide PCI SCSI Driver Advanced System Products, Inc. c:\windows\system32\drivers\asc3550.sys
+ AsyncMac RAS Asynchronous Media Driver Microsoft Corporation c:\windows\system32\drivers\asyncmac.sys
+ atapi IDE/ATAPI Port Driver Microsoft Corporation c:\windows\system32\drivers\atapi.sys
+ Atmarpc ATM ARP Client Protocol Microsoft Corporation c:\windows\system32\drivers\atmarpc.sys
+ audstub AudStub Driver Microsoft Corporation c:\windows\system32\drivers\audstub.sys
+ BCM43XX BCM 802.11g Network Adapter wireless driver Broadcom Corporation c:\windows\system32\drivers\bcmwl5.sys
+ bcm4sbxp Broadcom Corporation NDIS 5.1 ethernet driver Broadcom Corporation c:\windows\system32\drivers\bcm4sbxp.sys
+ BCMModem Modem Device Driver Broadcom Corporation c:\windows\system32\drivers\bcmsm.sys
+ bDMusicb c:\documents and settings\kevinko\local settings\temp\bdmusicb.sys
+ cbidf CardBus/PCMCIA IDE Miniport Driver Microsoft Corporation c:\windows\system32\drivers\cbidf2k.sys
+ CCDECODE WDM Closed Caption VBI Codec Microsoft Corporation c:\windows\system32\drivers\ccdecode.sys
+ cd20xrnt IBM Portable CD-ROM Drive Miniport Microsoft Corporation c:\windows\system32\drivers\cd20xrnt.sys
+ Cdrom SCSI CD-ROM Driver Microsoft Corporation c:\windows\system32\drivers\cdrom.sys
+ CmBatt Control Method Battery Driver Microsoft Corporation c:\windows\system32\drivers\cmbatt.sys
+ CmdIde CMD PCI IDE Bus Driver CMD Technology, Inc. c:\windows\system32\drivers\cmdide.sys
+ Compbatt Composite Battery Driver Microsoft Corporation c:\windows\system32\drivers\compbatt.sys
+ Cpqarray Compaq Drive Array Controllers SCSI Miniport Driver Microsoft Corporation c:\windows\system32\drivers\cpqarray.sys
+ dac2w2k Mylex Disk Array Controller Driver Mylex Corporation c:\windows\system32\drivers\dac2w2k.sys
+ dac960nt Mylex Disk Array Controller Driver Microsoft Corporation c:\windows\system32\drivers\dac960nt.sys
+ Disk PnP Disk Driver Microsoft Corporation c:\windows\system32\drivers\disk.sys
+ DMusic Microsoft Kernel DLS Synthesizer Microsoft Corporation c:\windows\system32\drivers\dmusic.sys
+ dpti2o DPT SmartRAID miniport Microsoft Corporation c:\windows\system32\drivers\dpti2o.sys
+ drmkaud Microsoft Kernel DRM Audio Descrambler Filter Microsoft Corporation c:\windows\system32\drivers\drmkaud.sys
+ drvmcdb Device Driver Sonic Solutions c:\windows\system32\drivers\drvmcdb.sys
+ E100B NDIS 5 driver Intel Corporation c:\windows\system32\drivers\e100b325.sys
+ ewido security suite driver c:\program files\ewido anti-malware\guard.sys
+ Fdc Floppy Disk Controller Driver Microsoft Corporation c:\windows\system32\drivers\fdc.sys
+ Flpydisk Floppy Driver Microsoft Corporation c:\windows\system32\drivers\flpydisk.sys
+ FsVga Full Screen Video Driver Microsoft Corporation c:\windows\system32\drivers\fsvga.sys
+ Ftdisk FT Disk Driver Microsoft Corporation c:\windows\system32\drivers\ftdisk.sys
+ GEARAspiWDM CDRom Class Filter Driver GEAR Software Inc. c:\windows\system32\drivers\gearaspiwdm.sys
+ Gpc Generic Packet Classifier Microsoft Corporation c:\windows\system32\drivers\msgpc.sys
+ HidUsb USB Miniport Driver for Input Devices Microsoft Corporation c:\windows\system32\drivers\hidusb.sys
+ hpn NetRAID-4M Miniport Driver Microsoft Corporation c:\windows\system32\drivers\hpn.sys
+ HTTP This service implements the hypertext transfer protocol (HTTP). If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\drivers\http.sys
+ i2omp I2O Miniport Driver Microsoft Corporation c:\windows\system32\drivers\i2omp.sys
+ i8042prt i8042 Port Driver Microsoft Corporation c:\windows\system32\drivers\i8042prt.sys
+ ialm Intel Graphics Miniport Driver Intel Corporation c:\windows\system32\drivers\ialmnt5.sys
+ Imapi IMAPI Kernel Driver Microsoft Corporation c:\windows\system32\drivers\imapi.sys
+ ini910u INITIO ini910u SCSI miniport Microsoft Corporation c:\windows\system32\drivers\ini910u.sys
+ IntelIde Intel PCI IDE Driver Microsoft Corporation c:\windows\system32\drivers\intelide.sys
+ intelppm Processor Device Driver Microsoft Corporation c:\windows\system32\drivers\intelppm.sys
+ Ip6Fw Provides intrusion prevention service for a home or small office network. Microsoft Corporation c:\windows\system32\drivers\ip6fw.sys
+ IpFilterDriver IP Traffic Filter Driver Microsoft Corporation c:\windows\system32\drivers\ipfltdrv.sys
+ IpInIp IP in IP Tunnel Driver Microsoft Corporation c:\windows\system32\drivers\ipinip.sys
+ IpNat IP Network Address Translator Microsoft Corporation c:\windows\system32\drivers\ipnat.sys
+ IPSec IPSEC driver Microsoft Corporation c:\windows\system32\drivers\ipsec.sys
+ IRENUM Infra-Red Bus Enumerator Microsoft Corporation c:\windows\system32\drivers\irenum.sys
+ isapnp PNP ISA Bus Driver Microsoft Corporation c:\windows\system32\drivers\isapnp.sys
+ Kbdclass Keyboard Class Driver Microsoft Corporation c:\windows\system32\drivers\kbdclass.sys
+ kmixer Kernel Mode Audio Mixer Microsoft Corporation c:\windows\system32\drivers\kmixer.sys
+ MDC8021X AEGIS Protocol (IEEE 802.1x) v2.3.1.7 Meetinghouse Data Communications c:\windows\system32\drivers\mdc8021x.sys
+ Mouclass Mouse Class Driver Microsoft Corporation c:\windows\system32\drivers\mouclass.sys
+ mouhid HID Mouse Filter Driver Microsoft Corporation c:\windows\system32\drivers\mouhid.sys
+ mraid35x MegaRAID RAID Controller Driver for Windows Whistler 32 American Megatrends Inc. c:\windows\system32\drivers\mraid35x.sys
+ MSKSSRV MS KS Server Microsoft Corporation c:\windows\system32\drivers\mskssrv.sys
+ MSPCLOCK MS Proxy Clock Microsoft Corporation c:\windows\system32\drivers\mspclock.sys
+ MSPQM MS Proxy Quality Manager Microsoft Corporation c:\windows\system32\drivers\mspqm.sys
+ mssmbios System Management BIOS Driver Microsoft Corporation c:\windows\system32\drivers\mssmbios.sys
+ MSTEE WDM Tee/Communication Transform Filter Microsoft Corporation c:\windows\system32\drivers\mstee.sys
+ NABTSFEC WDM NABTS/FEC VBI Codec Microsoft Corporation c:\windows\system32\drivers\nabtsfec.sys
+ NdisIP Microsoft IP Driver Microsoft Corporation c:\windows\system32\drivers\ndisip.sys
+ NdisTapi Remote Access NDIS TAPI Driver Microsoft Corporation c:\windows\system32\drivers\ndistapi.sys
+ Ndisuio NDIS Usermode I/O Protocol Microsoft Corporation c:\windows\system32\drivers\ndisuio.sys
+ NdisWan Remote Access NDIS WAN Driver Microsoft Corporation c:\windows\system32\drivers\ndiswan.sys
+ NetBT NetBios over Tcpip Microsoft Corporation c:\windows\system32\drivers\netbt.sys
+ nm Netmon NT Driver Microsoft Corporation c:\windows\system32\drivers\nmnt.sys
+ npkcrypt File not found: C:\Program Files\Gravity\RO\npkcrypt.sys
+ NPPTNT2 nProtect NPSC Kernel Mode Driver for NT INCA Internet Co., Ltd. c:\windows\system32\npptnt2.sys
+ nv NVIDIA Compatible Windows 2000 Miniport Driver, Version 56.73 NVIDIA Corporation c:\windows\system32\drivers\nv4_mini.sys
+ nvport Port Driver NVIDIA Corporation. c:\windows\system32\drivers\nvport.sys
+ NwlnkFlt IPX Traffic Filter Driver Microsoft Corporation c:\windows\system32\drivers\nwlnkflt.sys
+ NwlnkFwd IPX Traffic Forwarder Driver Microsoft Corporation c:\windows\system32\drivers\nwlnkfwd.sys
+ omci OMCI Device Driver Dell Inc c:\windows\system32\drivers\omci.sys
+ Parport Parallel Port Driver Microsoft Corporation c:\windows\system32\drivers\parport.sys
+ PCI NT Plug and Play PCI Enumerator Microsoft Corporation c:\windows\system32\drivers\pci.sys
+ PCIIde Generic PCI IDE Bus Driver Microsoft Corporation c:\windows\system32\drivers\pciide.sys
+ Pcmcia PCMCIA Bus Driver Microsoft Corporation c:\windows\system32\drivers\pcmcia.sys
+ perc2 PERC 2 Miniport Driver Microsoft Corporation c:\windows\system32\drivers\perc2.sys
+ perc2hib PERC 2 Hibernate Driver Microsoft Corporation c:\windows\system32\drivers\perc2hib.sys
+ pfc Padus® ASPI Shell Padus, Inc. c:\windows\system32\drivers\pfc.sys
+ PptpMiniport WAN Miniport (PPTP) Microsoft Corporation c:\windows\system32\drivers\raspptp.sys
+ PSched QoS Packet Scheduler Microsoft Corporation c:\windows\system32\drivers\psched.sys
+ Ptilink Direct Parallel Link Driver Parallel Technologies, Inc. c:\windows\system32\drivers\ptilink.sys
+ PxHelp20 Px Engine Device Driver for Windows 2000/XP Sonic Solutions c:\windows\system32\drivers\pxhelp20.sys
+ ql1080 Miniport Driver for QLogic ISP PCI Adapters QLogic Corporation c:\windows\system32\drivers\ql1080.sys
+ Ql10wnt Miniport Driver for QLogic ISP PCI Adapters Microsoft Corporation c:\windows\system32\drivers\ql10wnt.sys
+ ql12160 Miniport Driver for QLogic ISP PCI Adapters QLogic Corporation c:\windows\system32\drivers\ql12160.sys
+ ql1240 QLogic ISP PCI Adapters Microsoft Corporation c:\windows\system32\drivers\ql1240.sys
+ ql1280 Miniport Driver for QLogic ISP PCI Adapters QLogic Corporation c:\windows\system32\drivers\ql1280.sys
+ RasAcd Remote Access Auto Connection Driver Microsoft Corporation c:\windows\system32\drivers\rasacd.sys
+ Rasl2tp WAN Miniport (L2TP) Microsoft Corporation c:\windows\system32\drivers\rasl2tp.sys
+ RasPppoe Remote Access PPPOE Driver Microsoft Corporation c:\windows\system32\drivers\raspppoe.sys
+ Raspti Direct Parallel Microsoft Corporation c:\windows\system32\drivers\raspti.sys
+ RDPCDD RDP Miniport Microsoft Corporation c:\windows\system32\drivers\rdpcdd.sys
+ rdpdr Microsoft RDP Device redirector Microsoft Corporation c:\windows\system32\drivers\rdpdr.sys
+ redbook Redbook Audio Filter Driver Microsoft Corporation c:\windows\system32\drivers\redbook.sys
+ Secdrv SafeDisc driver Macrovision Europe Ltd c:\windows\system32\drivers\secdrv.sys
+ serenum Serial Port Enumerator Microsoft Corporation c:\windows\system32\drivers\serenum.sys
+ Serial Serial Device Driver Microsoft Corporation c:\windows\system32\drivers\serial.sys
+ Sfloppy SCSI Floppy Driver Microsoft Corporation c:\windows\system32\drivers\sfloppy.sys
+ sisagp SiS NT AGP Filter Silicon Integrated Systems Corporation c:\windows\system32\drivers\sisagp.sys
+ SLIP Microsoft Slip Deframing Filter Minidriver Microsoft Corporation c:\windows\system32\drivers\slip.sys
+ sonypvs1 File not found: system32\DRIVERS\sonypvs1.sys
+ Sparrow Adaptec AIC-6x60 series SCSI miniport Adaptec, Inc. c:\windows\system32\drivers\sparrow.sys
+ splitter Microsoft Kernel Audio Splitter Microsoft Corporation c:\windows\system32\drivers\splitter.sys
+ STAC97 SigmaTel Audio Driver (WDM) SigmaTel, Inc. c:\windows\system32\drivers\stac97.sys
+ streamip Microsoft IP Test Driver Microsoft Corporation c:\windows\system32\drivers\streamip.sys
+ StyleXPHelper StyleXP Windows ® 2000 DDK provider c:\program files\tgtsoft\stylexp\stylexphelper.exe
+ swenum Plug and Play Software Device Enumerator Microsoft Corporation c:\windows\system32\drivers\swenum.sys
+ swmidi Microsoft GS Wavetable Synthesizer Microsoft Corporation c:\windows\system32\drivers\swmidi.sys
+ sym_hi Symbios Hi-Perf SCSI Miniport Driver LSI Logic c:\windows\system32\drivers\sym_hi.sys
+ sym_u3 Symbios Ultra3 SCSI Miniport Driver LSI Logic c:\windows\system32\drivers\sym_u3.sys
+ symc810 Symbios Logic Inc. SCSI Miniport Driver Symbios Logic Inc. c:\windows\system32\drivers\symc810.sys
+ symc8xx Symbios 8XX SCSI Miniport Driver LSI Logic c:\windows\system32\drivers\symc8xx.sys
+ SynTP Synaptics Touchpad Driver Synaptics, Inc. c:\windows\system32\drivers\syntp.sys
+ sysaudio System Audio WDM Filter Microsoft Corporation c:\windows\system32\drivers\sysaudio.sys
+ Tcpip TCP/IP Protocol Driver Microsoft Corporation c:\windows\system32\drivers\tcpip.sys
+ Tcpip6 Microsoft IPv6 Protocol Driver Microsoft Corporation c:\windows\system32\drivers\tcpip6.sys
+ TermDD Terminal Server Driver Microsoft Corporation c:\windows\system32\drivers\termdd.sys
+ TosIde Toshiba PCI IDE Controller Microsoft Corporation c:\windows\system32\drivers\toside.sys
+ tunmp Microsoft Tunnel Interface Driver Microsoft Corporation c:\windows\system32\drivers\tunmp.sys
+ ultra Promise Ultra66 Miniport Driver Promise Technology, Inc. c:\windows\system32\drivers\ultra.sys
+ Update Update Driver Microsoft Corporation c:\windows\system32\drivers\update.sys
+ usbaudio USB Audio Class Driver Microsoft Corporation c:\windows\system32\drivers\usbaudio.sys
+ usbccgp USB Common Class Generic Parent Driver Microsoft Corporation c:\windows\system32\drivers\usbccgp.sys
+ usbehci EHCI eUSB Miniport Driver Microsoft Corporation c:\windows\system32\drivers\usbehci.sys
+ usbhub Default Hub Driver for USB Microsoft Corporation c:\windows\system32\drivers\usbhub.sys
+ USBSTOR USB Mass Storage Class Driver Microsoft Corporation c:\windows\system32\drivers\usbstor.sys
+ usbuhci UHCI USB Miniport Driver Microsoft Corporation c:\windows\system32\drivers\usbuhci.sys
+ VgaSave VGA/Super VGA Video Driver Microsoft Corporation c:\windows\system32\drivers\vga.sys
+ viaagp VIA NT AGP Filter Microsoft Corporation c:\windows\system32\drivers\viaagp.sys
+ ViaIde Generic PCI IDE Bus Driver Microsoft Corporation c:\windows\system32\drivers\viaide.sys
+ Wanarp Remote Access IP ARP Driver Microsoft Corporation c:\windows\system32\drivers\wanarp.sys
+ wanatw File not found: system32\DRIVERS\wanatw4.sys
+ wdmaud MMSYSTEM Wave/Midi API mapper Microsoft Corporation c:\windows\system32\drivers\wdmaud.sys
+ WSTCODEC WDM WST Codec Driver Microsoft Corporation c:\windows\system32\drivers\wstcodec.sys
+ xmasbus Plug and Play BIOS Extension c:\windows\system32\drivers\xmasbus.sys
+ xmasscsi SCSI miniport c:\windows\system32\drivers\xmasscsi.sys
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
+ autocheck autochk * Auto Check Utility Microsoft Corporation c:\windows\system32\autochk.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
+ Your Image File Name Here without a path Symbolic Debugger for Windows 2000 Microsoft Corporation c:\windows\system32\ntsd.exe
HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
+ advapi32 Advanced Windows 32 Base API Microsoft Corporation
c:\windows\system32\advapi32.dll
+ comdlg32 Common Dialogs DLL Microsoft Corporation c:\windows\system32\comdlg32.dll
+ gdi32 GDI Client DLL Microsoft Corporation c:\windows\system32\gdi32.dll
+ imagehlp Windows NT Image Helper Microsoft Corporation c:\windows\system32\imagehlp.dll
+ kernel32 Windows NT BASE API Client DLL Microsoft Corporation c:\windows\system32\kernel32.dll
+ lz32 LZ Expand/Compress API DLL Microsoft Corporation c:\windows\system32\lz32.dll
+ ole32 Microsoft OLE for Windows Microsoft Corporation c:\windows\system32\ole32.dll
+ oleaut32 Microsoft Corporation c:\windows\system32\oleaut32.dll
+ olecli32 Object Linking and Embedding Client Library Microsoft Corporation c:\windows\system32\olecli32.dll
+ olecnv32 Microsoft OLE for Windows Microsoft Corporation c:\windows\system32\olecnv32.dll
+ olesvr32 Object Linking and Embedding Server Library Microsoft Corporation c:\windows\system32\olesvr32.dll
+ olethk32 Microsoft OLE for Windows Microsoft Corporation c:\windows\system32\olethk32.dll
+ rpcrt4 Remote Procedure Call Runtime Microsoft Corporation c:\windows\system32\rpcrt4.dll
+ shell32 Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ url Internet Shortcut Shell Extension DLL Microsoft Corporation c:\windows\system32\url.dll
+ urlmon OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll
+ user32 Windows XP USER API Client DLL Microsoft Corporation c:\windows\system32\user32.dll
+ version Version Checking and File Installation Libraries Microsoft Corporation c:\windows\system32\version.dll
+ wininet Internet Extensions for Win32 Microsoft Corporation c:\windows\system32\wininet.dll
+ wldap32 Win32 LDAP API DLL Microsoft Corporation c:\windows\system32\wldap32.dll
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
+ crypt32chain Crypto API32 Microsoft Corporation c:\windows\system32\crypt32.dll
+ cryptnet Crypto Network Related API Microsoft Corporation c:\windows\system32\cryptnet.dll
+ cscdll Offline Network Agent Microsoft Corporation c:\windows\system32\cscdll.dll
+ ScCertProp Common DLL to receive Winlogon notifications Microsoft Corporation c:\windows\system32\wlnotify.dll
+ Schedule Common DLL to receive Winlogon notifications Microsoft Corporation c:\windows\system32\wlnotify.dll
+ sclgntfy Secondary Logon Service Notification DLL Microsoft Corporation c:\windows\system32\sclgntfy.dll
+ SensLogn Common DLL to receive Winlogon notifications Microsoft Corporation c:\windows\system32\wlnotify.dll
+ termsrv Common DLL to receive Winlogon notifications Microsoft Corporation c:\windows\system32\wlnotify.dll
+ wlballoon Common DLL to receive Winlogon notifications Microsoft Corporation c:\windows\system32\wlnotify.dll
HKCU\Control Panel\Desktop\Scrnsave.exe
+ C:\WINDOWS\MATRIX~1.SCR 32 Bit CineMac Screen Saver Engine MacSourcery c:\windows\matrix code.scr
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
+ MSAFD NetBIOS [\Device\NetBT_Tcpip6_{3209255F-FCE9-4B81-9A6F-1604FE2E9678}] DATAGRAM 5 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip6_{3209255F-FCE9-4B81-9A6F-1604FE2E9678}] SEQPACKET 5 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip6_{37E9851C-DA1E-496E-818C-A9CFD9B13122}] DATAGRAM 6 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip6_{37E9851C-DA1E-496E-818C-A9CFD9B13122}] SEQPACKET 6 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip6_{40927BA9-6FF1-4F71-9170-B73B05C5F108}] DATAGRAM 4 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip6_{40927BA9-6FF1-4F71-9170-B73B05C5F108}] SEQPACKET 4 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip6_{66B34C7B-415F-44E9-9892-9ECF1324135B}] DATAGRAM 7 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip6_{66B34C7B-415F-44E9-9892-9ECF1324135B}] SEQPACKET 7 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{2810EB22-763D-4D0C-9450-64BBD1758685}] DATAGRAM 1 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{2810EB22-763D-4D0C-9450-64BBD1758685}] SEQPACKET 1 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{3209255F-FCE9-4B81-9A6F-1604FE2E9678}] DATAGRAM 3 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{3209255F-FCE9-4B81-9A6F-1604FE2E9678}] SEQPACKET 3 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{40927BA9-6FF1-4F71-9170-B73B05C5F108}] DATAGRAM 0 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{40927BA9-6FF1-4F71-9170-B73B05C5F108}] SEQPACKET 0 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{531D3D38-B38F-4A40-9052-52EFBA55506B}] DATAGRAM 2 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{531D3D38-B38F-4A40-9052-52EFBA55506B}] SEQPACKET 2 Microsoft Windows Sockets
2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll + MSAFD NetBIOS [\Device\NetBT_Tcpip_{66B34C7B-415F-44E9-9892-9ECF1324135B}] DATAGRAM 8 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll + MSAFD NetBIOS [\Device\NetBT_Tcpip_{66B34C7B-415F-44E9-9892-9ECF1324135B}] SEQPACKET 8 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll + MSAFD Tcpip [RAW/IP] Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll + MSAFD Tcpip [RAW/IPv6] Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll + MSAFD Tcpip [TCP/IP] Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll + MSAFD Tcpip [TCP/IPv6] Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll + MSAFD Tcpip [UDP/IP] Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll + MSAFD Tcpip [UDP/IPv6] Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll + RSVP TCP Service Provider Microsoft Windows Rsvp 1.0 Service Provider Microsoft Corporation c:\windows\system32\rsvpsp.dll + RSVP UDP Service Provider Microsoft Windows Rsvp 1.0 Service Provider Microsoft Corporation c:\windows\system32\rsvpsp.dll HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors + BJ Language Monitor Langage Monitor for Canon Bubble-Jet Printer Microsoft Corporation c:\windows\system32\cnbjmon.dll + Local Port Local Spooler DLL Microsoft Corporation c:\windows\system32\localspl.dll + Microsoft Shared Fax Monitor Microsoft Fax Print Monitor Microsoft Corporation c:\windows\system32\fxsmon.dll + PJL Language Monitor PJL Language monitor Microsoft Corporation c:\windows\system32\pjlmon.dll + Standard TCP/IP Port Standard TCP/IP Port Monitor DLL Microsoft 
Corporation c:\windows\system32\tcpmon.dll + USB Monitor Standard Dynamic Printing Port Monitor DLL Microsoft Corporation c:\windows\system32\usbmon.dll
sagaemia
StartupList report, 2006/2/10, 下午 07:26:06
StartupList version: 1.52.2
Started from : C:\Documents and Settings\KevinKo\Desktop\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Trillian\trillian.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\KevinKo\Desktop\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\KevinKo\Start Menu\Programs\Startup]
Trillian.lnk = C:\Program Files\Trillian\trillian.exe

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
*No files*

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

(Default) =
?? ?"h'??T3r鑒WC:\Program Files\ISTsvc\istsvc.exe = C:\WINDOWS\dhneomt.exe
YLive.exe = C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
HostManager = C:\Program Files\Common Files\AOL\1138168184\ee\AOLSoftware.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
AIM = C:\Program Files\AIM\aim.exe -cnetwait.odl

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{4b218e3e-bc98-4770-93d3-2731b9329278}] *
StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

[{8b15971b-5355-4c82-8c07-7e181ea07608}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\MATRIX~1.SCR
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\PROGRA~1\KuGoo3\KUGOO3~1.OCX - {A9930D97-9CF0-42A0-A10D-4F28836579D5}

--------------------------------------------------

Enumerating Task Scheduler jobs:

ISP signup reminder 1.job
McAfee.com Scan for Viruses - My Computer (KEVIN-KevinKo).job

--------------------------------------------------

Enumerating Download Program Files:

[{00000055-9980-0010-8000-00AA00389B71}]
CODEBASE = http://codecs.microsoft.com/codecs/i386/fhg.CAB

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM32\Macromed\Director\SwDir.dll
CODEBASE = http://fpdownload.macromedia.com/get/shock...director/sw.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL
CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204

[BDSCANONLINE Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\oscan8.ocx
CODEBASE = http://download.bitdefender.com/resources/scan8/oscan8.cab

[Housecall ActiveX 6.5]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\Housecall_ActiveX.dll
CODEBASE = http://us-housecall.trendmicro-europe.com/...ivex/hcImpl.cab

[Java Plug-in 1.5.0_04]
InProcServer32 = C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

[Java Plug-in 1.5.0_03]
InProcServer32 = C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

[Java Plug-in 1.5.0_04]
InProcServer32 = C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx
CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll
Protocol #18: C:\WINDOWS\system32\mswsock.dll
Protocol #19: C:\WINDOWS\system32\mswsock.dll
Protocol #20: C:\WINDOWS\system32\mswsock.dll
Protocol #21: C:\WINDOWS\system32\mswsock.dll
Protocol #22: C:\WINDOWS\system32\mswsock.dll
Protocol #23: C:\WINDOWS\system32\mswsock.dll
Protocol #24: C:\WINDOWS\system32\mswsock.dll
Protocol #25: C:\WINDOWS\system32\mswsock.dll
Protocol #26: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

IPv6 Helper Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
abp480n5: system32\DRIVERS\ABP480N5.SYS (system)
Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system)
adpu160m: system32\DRIVERS\adpu160m.sys (system)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD: \SystemRoot\System32\drivers\afd.sys (system)
Intel AGP Bus Filter: system32\DRIVERS\agp440.sys (system)
Compaq AGP Bus Filter: system32\DRIVERS\agpCPQ.sys (system)
Aha154x: system32\DRIVERS\aha154x.sys (system)
aic78u2: system32\DRIVERS\aic78u2.sys (system)
aic78xx: system32\DRIVERS\aic78xx.sys (system)
Alerter: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
AliIde: system32\DRIVERS\aliide.sys (system)
ALI AGP Bus Filter: system32\DRIVERS\alim1541.sys (system)
AMD AGP Bus Filter Driver: system32\DRIVERS\amdagp.sys (system)
amsint: system32\DRIVERS\amsint.sys (system)
APPDRV: \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS (system)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
asc: system32\DRIVERS\asc.sys (system)
asc3350p: system32\DRIVERS\asc3350p.sys (system)
asc3550: system32\DRIVERS\asc3550.sys (system)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: system32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: system32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: system32\DRIVERS\audstub.sys (manual start)
Dell Wireless WLAN Card Driver: system32\DRIVERS\bcmwl5.sys (manual start)
Broadcom 440x 10/100 Integrated Controller XP Driver: system32\DRIVERS\bcm4sbxp.sys (manual start)
BCM V.92 56K Modem: system32\DRIVERS\BCMSM.sys (manual start)
bDMusicb: \??\C:\DOCUME~1\KevinKo\LOCALS~1\Temp\bDMusicb.sys (manual start)
Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
cbidf: system32\DRIVERS\cbidf2k.sys (system)
Closed Caption Decoder: system32\DRIVERS\CCDECODE.sys (manual start)
cd20xrnt: system32\DRIVERS\cd20xrnt.sys (system)
CD-ROM Driver: system32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
Microsoft ACPI Control Method Battery Driver: system32\DRIVERS\CmBatt.sys (manual start)
CmdIde: system32\DRIVERS\cmdide.sys (system)
Microsoft Composite Battery Driver: system32\DRIVERS\compbatt.sys (system)
COM+ System Application: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cpqarray: system32\DRIVERS\cpqarray.sys (system)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
dac2w2k: system32\DRIVERS\dac2w2k.sys (system)
dac960nt: system32\DRIVERS\dac960nt.sys (system)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Disk Driver: system32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
dpti2o: system32\DRIVERS\dpti2o.sys (system)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
drvmcdb: system32\drivers\drvmcdb.sys (system)
drvnddm: system32\drivers\drvnddm.sys (autostart)
Intel® PRO Adapter Driver: system32\DRIVERS\e100b325.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)
ewido security suite control: C:\Program Files\ewido anti-malware\ewidoctrl.exe (autostart)
ewido security suite driver: \??\C:\Program Files\ewido anti-malware\guard.sys (system)
ewido security suite guard: C:\Program Files\ewido anti-malware\ewidoguard.exe (autostart)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Fax: %systemroot%\system32\fxssvc.exe (autostart)
Floppy Disk Controller Driver: system32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: system32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\DRIVERS\fltMgr.sys (system)
Application Accelerator: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
FsVga: system32\DRIVERS\fsvga.sys (system)
Volume Manager Driver: system32\DRIVERS\ftdisk.sys (system)
GEAR CDRom Filter: SYSTEM32\DRIVERS\GEARAspiWDM.sys (manual start)
Generic Packet Classifier: system32\DRIVERS\msgpc.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (manual start)
hpn: system32\DRIVERS\hpn.sys (system)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i2omp: system32\DRIVERS\i2omp.sys (system)
i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (system)
ialm: system32\DRIVERS\ialmnt5.sys (manual start)
InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start)
CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\system32\imapi.exe (manual start)
ini910u: system32\DRIVERS\ini910u.sys (system)
IntelIde: system32\DRIVERS\intelide.sys (system)
Intel Processor Driver: system32\DRIVERS\intelppm.sys (system)
IPv6 Windows Firewall Driver: system32\DRIVERS\Ip6Fw.sys (manual start)
IP Traffic Filter Driver: system32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: system32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start)
iPodService: C:\Program Files\iPod\bin\iPodService.exe (manual start)
IPSEC driver: system32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: system32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: system32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
AEGIS Protocol (IEEE 802.1x) v2.3.1.7: system32\DRIVERS\mdc8021x.sys (autostart)
Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\system32\mnmsrvc.exe (manual start)
Mouse Class Driver: system32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: system32\DRIVERS\mouhid.sys (manual start)
mraid35x: system32\DRIVERS\mraid35x.sys (system)
WebDav Client Redirector: system32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: system32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: system32\DRIVERS\mssmbios.sys (manual start)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
NABTS/FEC VBI Codec: system32\DRIVERS\NABTSFEC.sys (manual start)
Microsoft TV/Video Connection: system32\DRIVERS\NdisIP.sys (manual start)
Remote Access NDIS TAPI Driver: system32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: system32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: system32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: system32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\system32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Network Location Awareness (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Network Monitor Driver: system32\DRIVERS\NMnt.sys (manual start)
npkcrypt: \??\C:\Program Files\Gravity\RO\npkcrypt.sys (manual start)
NPPTNT2: \??\C:\WINDOWS\system32\npptNT2.sys (system)
NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nv: system32\DRIVERS\nv4_mini.sys (manual start)
NVIDIA PORT IO Control Driver: \??\C:\WINDOWS\system32\Drivers\nvport.sys (system)
IPX Traffic Filter Driver: system32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: system32\DRIVERS\nwlnkfwd.sys (manual start)
OMCI WDM Device Driver: system32\DRIVERS\omci.sys (system)
PACSPTISVR: C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe (manual start)
Parallel port driver: system32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: system32\DRIVERS\pci.sys (system)
PCIIde: system32\DRIVERS\pciide.sys (system)
Pcmcia: system32\DRIVERS\pcmcia.sys (system)
perc2: system32\DRIVERS\perc2.sys (system)
perc2hib: system32\DRIVERS\perc2hib.sys (system)
Padus ASPI Shell: system32\drivers\pfc.sys (manual start)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)
WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: system32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: system32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\Drivers\PxHelp20.sys (system)
ql1080: system32\DRIVERS\ql1080.sys (system)
Ql10wnt: system32\DRIVERS\ql10wnt.sys (system)
ql12160: system32\DRIVERS\ql12160.sys (system)
ql1240: system32\DRIVERS\ql1240.sys (system)
ql1280: system32\DRIVERS\ql1280.sys (system)
Remote Access Auto Connection Driver: system32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: system32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: system32\DRIVERS\raspti.sys (manual start)
Rdbss: system32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: system32\DRIVERS\rdpdr.sys (manual start)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: system32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
Remote Procedure Call (RPC) Locator: %SystemRoot%\system32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: system32\DRIVERS\secdrv.sys (autostart)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: system32\DRIVERS\serenum.sys (manual start)
Serial port driver: system32\DRIVERS\serial.sys (system)
High-Capacity Floppy Disk Drive: system32\DRIVERS\sfloppy.sys (manual start)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SIS AGP Bus Filter: system32\DRIVERS\sisagp.sys (system)
BDA Slip De-Framer: system32\DRIVERS\SLIP.sys (manual start)
Sony Digital Imaging Video2: system32\DRIVERS\sonypvs1.sys (manual start)
Sparrow: system32\DRIVERS\sparrow.sys (system)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
Sony SPTI Service: C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe (manual start)
System Restore Filter Driver: system32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Srv: system32\DRIVERS\srv.sys (manual start)
sscdbhk5: system32\drivers\sscdbhk5.sys (system)
SSDP Discovery Service: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
ssrtln: system32\drivers\ssrtln.sys (system)
Audio Driver (WDM) - SigmaTel CODEC: system32\drivers\stac97.sys (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (manual start)
BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start)
StyleXPHelper: \??\C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe (system)
StyleXPService: "C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe" (disabled)
Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{A445BD1E-49EE-4607-B370-5CCA447377C4} (manual start)
symc810: system32\DRIVERS\symc810.sys (system)
symc8xx: system32\DRIVERS\symc8xx.sys (system)
sym_hi: system32\DRIVERS\sym_hi.sys (system)
sym_u3: system32\DRIVERS\sym_u3.sys (system)
Synaptics TouchPad Driver: system32\DRIVERS\SynTP.sys (manual start)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: system32\DRIVERS\tcpip.sys (system)
Microsoft IPv6 Protocol Driver: system32\DRIVERS\tcpip6.sys (system)
Terminal Device Driver: system32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
tfsnboio: system32\dla\tfsnboio.sys (autostart)
tfsncofs: system32\dla\tfsncofs.sys (autostart)
tfsndrct: system32\dla\tfsndrct.sys (autostart)
tfsndres: system32\dla\tfsndres.sys (autostart)
tfsnifs: system32\dla\tfsnifs.sys (autostart)
tfsnopio: system32\dla\tfsnopio.sys (autostart)
tfsnpool: system32\dla\tfsnpool.sys (autostart)
tfsnudf: system32\dla\tfsnudf.sys (autostart)
tfsnudfa: system32\dla\tfsnudfa.sys (autostart)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TosIde: system32\DRIVERS\toside.sys (system)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Microsoft Tun Miniport Adapter Driver: system32\DRIVERS\tunmp.sys (manual start)
ultra: system32\DRIVERS\ultra.sys (system)
Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
Windows Print Controller: C:\Program Files\Common Files\SAND\qqfacerclient.exe (autostart)
Microcode Update Driver: system32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
USB Audio Driver (WDM): system32\drivers\usbaudio.sys (manual start)
Microsoft USB Generic Parent Driver: system32\DRIVERS\usbccgp.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)
Microsoft USB Standard Hub Driver: system32\DRIVERS\usbhub.sys (manual start)
USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: system32\DRIVERS\usbuhci.sys (manual start)
User Privilege Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
VIA AGP Bus Filter: system32\DRIVERS\viaagp.sys (system)
ViaIde: system32\DRIVERS\viaide.sys (system)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: system32\DRIVERS\wanarp.sys (manual start)
WAN Miniport (ATW): system32\DRIVERS\wanatw4.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
WLTRYSVC: %SystemRoot%\System32\WLTRYSVC.EXE %SystemRoot%\System32\bcmwltry.exe (disabled)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)
Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (disabled)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
World Standard Teletext Codec: system32\DRIVERS\WSTCODEC.SYS (manual start)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
xmasbus: system32\DRIVERS\xmasbus.sys (system)
xmasscsi: System32\Drivers\xmasscsi.sys (system)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: *Registry key not found*
SysTray: C:\WINDOWS\system32\stobject.dll
UPnPMonitor: C:\WINDOWS\system32\upnpui.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 37,542 bytes
Report generated in 0.371 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
Mosaic1
Your autoruns log is unreadable. Please go back and post it again. Turn word wrap on in Notepad before you do.
Mosaic1
Please edit your previous post. I can't read that autoruns log as it is. Run autoruns again. Do not save in Wordpad if that's what you did. I am leaving shortly. Thank you.
sagaemia
HKCU\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup

HKLM\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup

HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon

HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

+ C:\WINDOWS\system32\userinit.exe Userinit Logon Application Microsoft Corporation c:\windows\system32\userinit.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell

HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell

+ Explorer.exe Windows Explorer Microsoft Corporation c:\windows\explorer.exe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

C:\Documents and Settings\KevinKo\Start Menu\Programs\Startup

+ Trillian.lnk Trillian Cerulean Studios c:\program files\trillian\trillian.exe

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

+ AIM AOL Instant Messenger America Online, Inc. c:\program files\aim\aim.exe

+ ctfmon.exe CTF Loader Microsoft Corporation c:\windows\system32\ctfmon.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components

+ Address Book 6 Outlook Express Setup Library Microsoft Corporation c:\program files\outlook express\setup50.exe

+ Browser Customizations Microsoft Internet Explorer Customization DLL Microsoft Corporation c:\windows\system32\iedkcs32.dll

+ Fax ADVPACK Microsoft Corporation c:\windows\system32\advpack.dll

+ Internet Explorer Windows NT User Data Migration Tool Microsoft Corporation c:\windows\system32\shmgrate.exe

+ Internet Explorer Windows Setup API Microsoft Corporation c:\windows\system32\setupapi.dll

+ Internet Explorer 6 IE 5.0 Per-User Install Utility Microsoft Corporation c:\windows\system32\ie4uinit.exe

+ Microsoft Outlook Express 6 Outlook Express Setup Library Microsoft Corporation c:\program files\outlook express\setup50.exe

+ Microsoft Windows Media Player Microsoft Windows Media Player Setup Utility Microsoft Corporation c:\windows\inf\unregmp2.exe

+ Microsoft Windows Media Player ADVPACK Microsoft Corporation c:\windows\system32\advpack.dll

+ NetMeeting 3.01 ADVPACK Microsoft Corporation c:\windows\system32\advpack.dll

+ Outlook Express Windows NT User Data Migration Tool Microsoft Corporation c:\windows\system32\shmgrate.exe

+ Themes Setup Microsoft© Register Server Microsoft Corporation c:\windows\system32\regsvr32.exe

+ Windows Desktop Update Microsoft© Register Server Microsoft Corporation c:\windows\system32\regsvr32.exe

+ Windows Messenger 4.7 ADVPACK Microsoft Corporation c:\windows\system32\advpack.dll

HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler

+ Browseui preloader Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Component Categories cache daemon Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

+ CDBurn Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll

+ PostBootReminder Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll

+ SysTray Systray shell service object Microsoft Corporation c:\windows\system32\stobject.dll

+ UPnPMonitor UPNP Tray Monitor and Folder Microsoft Corporation c:\windows\system32\upnpui.dll

+ WebCheck File not found: CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

+ ewido shell guard c:\program files\ewido anti-malware\shellhook.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ %DESC_PublishDropTarget% Photo Printing Wizard Microsoft Corporation c:\windows\system32\photowiz.dll

+ &Address Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ .CAB file viewer Cabinet File Viewer Shell Extension Microsoft Corporation c:\windows\system32\cabview.dll

+ Accessible Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ ActiveX Cache Folder Object Control Viewer Microsoft Corporation c:\windows\system32\occache.dll

+ Address EditBox Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Administrative Tools Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ AlcoholShellEx AXShlEx.dll Alcohol Soft Development Team c:\program files\alcohol soft\alcohol 120\axshlex.dll

+ Audio Media Properties Handler Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll

+ Augmented Shell Folder Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Augmented Shell Folder 2 Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Auto Update Property Sheet Extension Automatic Updates Control Panel Microsoft Corporation c:\windows\system32\wuaucpl.cpl

+ Avi Properties Handler Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll

+ BandProxy Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Briefcase Windows Briefcase Microsoft Corporation c:\windows\system32\syncui.dll

+ CDF Extension Copy Hook Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Channel File Channel Definition File Viewer Microsoft Corporation c:\windows\system32\cdfview.dll

+ Channel Handler Object Channel Definition File Viewer Microsoft Corporation c:\windows\system32\cdfview.dll

+ Channel Menu Channel Definition File Viewer Microsoft Corporation c:\windows\system32\cdfview.dll

+ Channel Properties Channel Definition File Viewer Microsoft Corporation c:\windows\system32\cdfview.dll

+ Channel Shortcut Channel Definition File Viewer Microsoft Corporation c:\windows\system32\cdfview.dll

+ Code Download Agent Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll

+ Compatibility Page Compatibility Tab Shell Extension DLL Microsoft Corporation c:\windows\system32\slayerxp.dll

+ Compressed (zipped) Folder Compressed (zipped) Folders Microsoft Corporation c:\windows\system32\zipfldr.dll

+ Compressed (zipped) Folder Right Drag Handler Compressed (zipped) Folders Microsoft Corporation c:\windows\system32\zipfldr.dll

+ Compressed (zipped) Folder SendTo Target Compressed (zipped) Folders Microsoft Corporation c:\windows\system32\zipfldr.dll

+ ConnectionAgent Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll

+ Crypto PKO Extension Crypto Shell Extensions Microsoft Corporation c:\windows\system32\cryptext.dll

+ Crypto Sign Extension Crypto Shell Extensions Microsoft Corporation c:\windows\system32\cryptext.dll

+ Custom MRU AutoCompleted List Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Darwin App Publisher Shell Application Manager Microsoft Corporation c:\windows\system32\appwiz.cpl

+ DfsShell Distributed File System shell extension Microsoft Corporation c:\windows\system32\dfsshlex.dll

+ Directory Context Menu Verbs Directory Service Common UI Microsoft Corporation c:\windows\system32\dsuiext.dll

+ Directory Object Find Directory Service Find Microsoft Corporation c:\windows\system32\dsquery.dll

+ Directory Property UI Directory Service Common UI Microsoft Corporation c:\windows\system32\dsuiext.dll

+ Directory Query UI Directory Service Find Microsoft Corporation c:\windows\system32\dsquery.dll

+ Directory Start/Search Find Directory Service Find Microsoft Corporation c:\windows\system32\dsquery.dll

+ Disk Copy Extension Windows DiskCopy Microsoft Corporation c:\windows\system32\diskcopy.dll

+ Disk Quota UI Windows Shell Disk Quota UI DLL Microsoft Corporation c:\windows\system32\dskquoui.dll

+ Display Adapter CPL Extension Advanced display adapter properties Microsoft Corporation c:\windows\system32\deskadp.dll

+ Display Monitor CPL Extension Advanced display monitor properties Microsoft Corporation c:\windows\system32\deskmon.dll

+ Display Panning CPL Extension File not found: deskpan.dll

+ Display TroubleShoot CPL Extension Advanced display performance properties Microsoft Corporation c:\windows\system32\deskperf.dll

+ Download Status Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ DriveLetterAccess Drive Letter Access Component Sonic Solutions c:\windows\system32\dla\tfswshx.dll

+ DS Security Page Directory Service Security UI Microsoft Corporation c:\windows\system32\dssec.dll

+ E-mail Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Explorer Band Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Extensions Manager Folder Extensions Manager Microsoft Corporation c:\windows\system32\extmgr.dll

+ Favorites Band Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Fonts Windows Font Folder Microsoft Corporation c:\windows\system32\fontext.dll

+ Fonts Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ For &People... Find People Microsoft Corporation c:\program files\outlook express\wabfind.dll

+ FTP Folders Webview Microsoft Internet Explorer FTP Folder Shell Extension Microsoft Corporation c:\windows\system32\msieftp.dll

+ Fusion Cache Microsoft .NET Runtime Execution Engine Microsoft Corporation c:\windows\system32\mscoree.dll

+ GDI+ file thumbnail extractor Windows Picture and Fax Viewer Microsoft Corporation c:\windows\system32\shimgvw.dll

+ Get a Passport Wizard Map Network Drives/Network Places Wizard Microsoft Corporation c:\windows\system32\netplwiz.dll

+ Global Folder Settings Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Help and Support Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Help and Support Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ History Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ HTML Thumbnail Extractor Windows Picture and Fax Viewer Microsoft Corporation c:\windows\system32\shimgvw.dll

+ HyperTerminal Icon Ext HyperTerminal Applet Library Hilgraeve, Inc. c:\windows\system32\hticons.dll

+ ICC Profile Microsoft Color Matching System User Interface DLL Microsoft Corporation c:\windows\system32\icmui.dll

+ ICM Monitor Management Microsoft Color Matching System User Interface DLL Microsoft Corporation c:\windows\system32\icmui.dll

+ ICM Printer Management Microsoft Color Matching System User Interface DLL Microsoft Corporation c:\windows\system32\icmui.dll

+ ICM Scanner Management Microsoft Color Matching System User Interface DLL Microsoft Corporation c:\windows\system32\icmui.dll

+ IE4 Suite Splash Screen Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ In-pane search Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Installed Apps Enumerator Shell Application Manager Microsoft Corporation c:\windows\system32\appwiz.cpl

+ Internet Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Internet Name Space Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ InternetShortcut Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ ISFBand OC Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ iTunes iTunes Mini Player DLL Apple Computer, Inc. c:\program files\itunes\itunesminiplayer.dll

+ Microsoft Agent Character Property Sheet Handler Microsoft Agent Property Sheet Handler Microsoft Corporation c:\windows\msagent\agentpsh.dll

+ Microsoft AutoComplete Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Microsoft Browser Architecture Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Microsoft BrowserBand Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Microsoft Data Link Microsoft Data Access - OLE DB Core Services Microsoft Corporation c:\program files\common files\system\ole db\oledb32.dll

+ Microsoft DocProp Inplace Calendar Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll

+ Microsoft DocProp Inplace Droplist Combo Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll

+ Microsoft DocProp Inplace Edit Box Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll

+ Microsoft DocProp Inplace ML Edit Box Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll

+ Microsoft DocProp Inplace Time Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll

+ Microsoft DocProp Shell Ext Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll

+ Microsoft History AutoComplete List Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Microsoft Internet Toolbar Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Microsoft Multiple AutoComplete List Container Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Microsoft Shell Folder AutoComplete List Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Microsoft Url History Service Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Microsoft Url Search Hook Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Midi Properties Handler Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll

+ MMC Icon Handler MMC Shell Extension DLL Microsoft Corporation c:\windows\system32\mmcshext.dll

+ MRU AutoComplete List Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Multimedia File Property Sheet Control Panel Drivers Applet Microsoft Corporation c:\windows\system32\mmsys.cpl

+ MyDocs Copy Hook My Documents Folder UI Microsoft Corporation c:\windows\system32\mydocs.dll

+ MyDocs Drop Target My Documents Folder UI Microsoft Corporation c:\windows\system32\mydocs.dll

+ MyDocs Properties My Documents Folder UI Microsoft Corporation c:\windows\system32\mydocs.dll

+ Network Connections Network Connections Shell Microsoft Corporation c:\windows\system32\netshell.dll

+ Network Connections Network Connections Shell Microsoft Corporation c:\windows\system32\netshell.dll

+ NTFS Security Page Security Shell Extension Microsoft Corporation c:\windows\system32\rshx32.dll

+ Offline Files Folder Client Side Caching UI Microsoft Corporation c:\windows\system32\cscui.dll

+ Offline Files Folder Options Client Side Caching UI Microsoft Corporation c:\windows\system32\cscui.dll

+ Offline Files Menu Client Side Caching UI Microsoft Corporation c:\windows\system32\cscui.dll

+ OLE Docfile Property Page OLE DocFile Property Page Microsoft Corporation c:\windows\system32\docprop.dll

+ PlusPack CPL Extension Windows Theme API Microsoft Corporation c:\windows\system32\themeui.dll

+ Portable Media Devices Portable Media Devices Shell Extension Microsoft Corporation c:\windows\system32\audiodev.dll

+ Portable Media Devices Menu Portable Media Devices Shell Extension Microsoft Corporation c:\windows\system32\audiodev.dll

+ PostAgent Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll

+ Previous Versions Previous Versions property page Microsoft Corporation c:\windows\system32\twext.dll

+ Previous Versions Property Page Previous Versions property page Microsoft Corporation c:\windows\system32\twext.dll

+ Print Ordering via the Web Map Network Drives/Network Places Wizard Microsoft Corporation c:\windows\system32\netplwiz.dll

+ Printers Security Page Security Shell Extension Microsoft Corporation c:\windows\system32\rshx32.dll

+ RecordNow! SendToExt Shell Extensions c:\program files\sonic\recordnow!\shlext.dll

+ Registry Tree Options Utility Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Remote Sessions CPL Extension Remote Sessions CPL Extension Microsoft Corporation c:\windows\system32\remotepg.dll

+ Run... Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Scanners & Cameras Imaging Devices Shell Folder UI Microsoft Corporation c:\windows\system32\wiashext.dll

+ Scanners & Cameras Imaging Devices Shell Folder UI Microsoft Corporation c:\windows\system32\wiashext.dll

+ Scanners & Cameras Imaging Devices Shell Folder UI Microsoft Corporation c:\windows\system32\wiashext.dll

+ Scanners & Cameras Imaging Devices Shell Folder UI Microsoft Corporation c:\windows\system32\wiashext.dll

+ Scanners & Cameras Imaging Devices Shell Folder UI Microsoft Corporation c:\windows\system32\wiashext.dll

+ Scheduled Tasks Task Scheduler interface DLL Microsoft Corporation c:\windows\system32\mstask.dll

+ Search Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Search Assistant OC Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Search Band Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Sendmail service Send Mail Microsoft Corporation c:\windows\system32\sendmail.dll

+ Sendmail service Send Mail Microsoft Corporation c:\windows\system32\sendmail.dll

+ Set Program Access and Defaults Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Shell Application Manager Shell Application Manager Microsoft Corporation c:\windows\system32\appwiz.cpl

+ Shell Automation Inproc Service Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Shell Band Site Menu Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Shell DeskBar Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Shell DeskBarApp Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Shell DocObject Viewer Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Shell extensions for Microsoft Windows Network objects Network object shell UI Microsoft Corporation c:\windows\system32\ntlanui2.dll

+ Shell Extensions for RealOne Player RealPlayer Shell Extensions RealNetworks, Inc. c:\program files\ace mega codecs pack\systems\realmedia\rpshell.dll

+ Shell extensions for sharing Shell extensions for sharing Microsoft Corporation c:\windows\system32\ntshrui.dll

+ Shell extensions for sharing Shell extensions for sharing Microsoft Corporation c:\windows\system32\ntshrui.dll

+ Shell extensions for Windows Script Host Microsoft ® Shell Extension for Windows Script Host Microsoft Corporation c:\windows\system32\wshext.dll

+ Shell Image Data Factory Windows Picture and Fax Viewer Microsoft Corporation c:\windows\system32\shimgvw.dll

+ Shell Image Property Handler Windows Picture and Fax Viewer Microsoft Corporation c:\windows\system32\shimgvw.dll

+ Shell Image Verbs Windows Picture and Fax Viewer Microsoft Corporation c:\windows\system32\shimgvw.dll

+ Shell properties for a DS object Directory Service Find Microsoft Corporation c:\windows\system32\dsquery.dll

+ Shell Publishing Wizard Object Map Network Drives/Network Places Wizard Microsoft Corporation c:\windows\system32\netplwiz.dll

+ Shell Rebar BandSite Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Shell Scrap DataHandler Shell scrap object handler Microsoft Corporation c:\windows\system32\shscrap.dll

+ Shell Search Band Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Subscription Folder Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll

+ Subscription Mgr Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll

+ Summary Info Thumbnail handler (DOCFILES) Windows Picture and Fax Viewer Microsoft Corporation c:\windows\system32\shimgvw.dll

+ Synaptics Control Panel TouchPad Control Panel Extensions Synaptics, Inc. c:\program files\synaptics\syntp\syntpcpl.dll

+ Taskbar and Start Menu Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll

+ Tasks Folder Icon Handler Task Scheduler interface DLL Microsoft Corporation c:\windows\system32\mstask.dll

+ Tasks Folder Shell Extension Task Scheduler interface DLL Microsoft Corporation c:\windows\system32\mstask.dll

+ Temporary Internet Files Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Temporary Internet Files Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ The Internet Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Track Popup Bar Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ TrayAgent Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll

+ TridentImageExtractor Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Universal Plug and Play Devices UPNP Tray Monitor and Folder Microsoft Corporation c:\windows\system32\upnpui.dll

+ User Accounts Map Network Drives/Network Places Wizard Microsoft Corporation c:\windows\system32\netplwiz.dll

+ User Assist Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Video Media Properties Handler Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll

+ Video Thumbnail Extractor Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll

+ Wav Properties Handler Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll

+ Web Folders Microsoft Web Folders Microsoft Corporation c:\program files\common files\microsoft shared\web folders\msonsext.dll

+ Web Printer Shell Extension Print UI DLL Microsoft Corporation c:\windows\system32\printui.dll

+ Web Publishing Wizard Map Network Drives/Network Places Wizard Microsoft Corporation c:\windows\system32\netplwiz.dll

+ Web Search Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ WebCheck SyncMgr Handler Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll

+ WebCheckChannelAgent Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll

+ WebCheckWebCrawler Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll

+ Windows Media Player Add to Playlist Context Menu Handler Windows Media Player Launcher Microsoft Corporation c:\windows\system32\wmpshell.dll

+ Windows Media Player Burn Audio CD Context Menu Handler Windows Media Player Launcher Microsoft Corporation c:\windows\system32\wmpshell.dll

+ Windows Media Player Play as Playlist Context Menu Handler Windows Media Player Launcher Microsoft Corporation c:\windows\system32\wmpshell.dll

+ WinRAR shell extension c:\program files\winrar\rarext.dll

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

HKLM\Software\Classes\Folder\Shellex\ColumnHandlers

+ PDF Shell Extension PDF Shell Extension Adobe Systems, Inc. c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll

+ {0D2E74C4-3C34-11d2-A27E-00C04FC30871} Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll

+ {24F14F01-7B1C-11d1-838f-0000F80461CF} Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll

+ {24F14F02-7B1C-11d1-838f-0000F80461CF} Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll

+ {66742402-F9B9-11D1-A202-0000F81FEDEE} Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks

+ shdocvw.dll Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

HKLM\Software\Microsoft\Internet Explorer\Toolbar

HKLM\Software\Microsoft\Internet Explorer\Extensions

+ AIM AOL Instant Messenger America Online, Inc. c:\program files\aim\aim.exe

+ Uninstall BitDefender Online Scanner v8 c:\windows\bdoscandel.exe

Task Scheduler

+ ISP signup reminder 1.job Windows OOBE Balloon Reminder Microsoft Corporation c:\windows\system32\oobe\oobebaln.exe

+ McAfee.com Scan for Viruses - My Computer (KEVIN-KevinKo).job File not found: c:\program files\mcafee.com\vso\mcmnhdlr.exe

HKLM\System\CurrentControlSet\Services

+ 6to4 Provides DDNS name registration and automatic IPv6 connectivity over an IPv4 network. If this service is stopped, other computers may not be able to reach it by name and the machine will only have IPv6 connectivity if it is connected to a native IPv6 network. If this service is disabled, any other services that explicitly depend on this service will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe

+ AudioSrv Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe

+ Browser Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe

+ CryptSvc Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe

+ DcomLaunch Provides launch functionality for DCOM services. Microsoft Corporation c:\windows\system32\svchost.exe

+ Dhcp Manages network configuration by registering and updating IP addresses and DNS names. Microsoft Corporation c:\windows\system32\svchost.exe

+ Dnscache Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe

+ ERSvc Allows error reporting for services and applictions running in non-standard environments. Microsoft Corporation c:\windows\system32\svchost.exe

+ Eventlog Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped. Microsoft Corporation c:\windows\system32\services.exe

+ ewido security suite control ewido control ewido networks c:\program files\ewido anti-malware\ewidoctrl.exe

+ ewido security suite guard guard ewido networks c:\program files\ewido anti-malware\ewidoguard.exe

+ Fax Enables you to send and receive faxes, utilizing fax resources available on this computer or on the network. Microsoft Corporation c:\windows\system32\fxssvc.exe

+ Framework Windows run accelerator; provides fast launching, recovery and acceleration of software. This service cannot be stopped. Microsoft Corporation c:\windows\system32\svchost.exe

+ helpsvc Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe

+ lanmanserver Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe

+ lanmanworkstation Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe

+ LmHosts Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution. Microsoft Corporation c:\windows\system32\svchost.exe

+ PlugPlay Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability. Microsoft Corporation c:\windows\system32\services.exe

+ PolicyAgent Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver. Microsoft Corporation c:\windows\system32\lsass.exe

+ ProtectedStorage Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users. Microsoft Corporation c:\windows\system32\lsass.exe

+ RpcSs Provides the endpoint mapper and other miscellaneous RPC services. Microsoft Corporation c:\windows\system32\svchost.exe

+ SamSs Stores security information for local user accounts. Microsoft Corporation c:\windows\system32\lsass.exe

+ Schedule Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe

+ seclogon Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe

+ SENS Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events. Microsoft Corporation c:\windows\system32\svchost.exe

+ SharedAccess Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. Microsoft Corporation c:\windows\system32\svchost.exe

+ ShellHWDetection Provides notifications for AutoPlay hardware events. Microsoft Corporation c:\windows\system32\svchost.exe

+ Spooler Loads files to memory for later printing. Microsoft Corporation c:\windows\system32\spoolsv.exe

+ srservice Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties Microsoft Corporation c:\windows\system32\svchost.exe

+ Themes Provides user experience theme management. Microsoft Corporation c:\windows\system32\svchost.exe

+ TrkWks Maintains links between NTFS files within a computer or across computers in a network domain. Microsoft Corporation c:\windows\system32\svchost.exe

+ UMWdf Enables Windows user mode drivers. Microsoft Corporation c:\windows\system32\wdfmgr.exe

+ Universal Disk Manager Windows print subsystem; provides secure and fast printing services. File not found: C:\Program Files\Common Files\SAND\qqfacerclient.exe

+ w32time Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe

+ WebClient Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe

+ winmgmt Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe

+ wscsvc Monitors system security settings and configurations. Microsoft Corporation c:\windows\system32\svchost.exe

+ wuauserv Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. Microsoft Corporation c:\windows\system32\svchost.exe

+ WZCSVC Provides automatic configuration for the 802.11 adapters Microsoft Corporation c:\windows\system32\svchost.exe

HKLM\System\CurrentControlSet\Services

+ abp480n5 AdvanSys SCSI Controller Driver Microsoft Corporation c:\windows\system32\drivers\abp480n5.sys

+ ACPI ACPI Driver for NT Microsoft Corporation c:\windows\system32\drivers\acpi.sys

+ adpu160m Adaptec Ultra160 SCSI miniport Microsoft Corporation c:\windows\system32\drivers\adpu160m.sys

+ aec Microsoft Acoustic Echo Canceller Microsoft Corporation c:\windows\system32\drivers\aec.sys

+ AFD AFD Networking Support Environment Microsoft Corporation c:\windows\system32\drivers\afd.sys

+ agp440 440 NT AGP Filter Microsoft Corporation c:\windows\system32\drivers\agp440.sys

+ agpCPQ CompatNT AGP Filter Microsoft Corporation c:\windows\system32\drivers\agpcpq.sys

+ Aha154x Adaptec AHA-154x series SCSI miniport Microsoft Corporation c:\windows\system32\drivers\aha154x.sys

+ aic78u2 Adaptec Ultra2 SCSI miniport Microsoft Corporation c:\windows\system32\drivers\aic78u2.sys

+ aic78xx Adaptec Ultra SCSI miniport Microsoft Corporation c:\windows\system32\drivers\aic78xx.sys

+ AliIde ALi mini IDE Driver Acer Laboratories Inc. c:\windows\system32\drivers\aliide.sys

+ alim1541 ALi M1541 NT AGP Filter Microsoft Corporation c:\windows\system32\drivers\alim1541.sys

+ amdagp AMD Win2000 AGP Filter Advanced Micro Devices, Inc. c:\windows\system32\drivers\amdagp.sys

+ amsint AMD SCSI/NET Controller Microsoft Corporation c:\windows\system32\drivers\amsint.sys

+ APPDRV App Support Driver Dell Inc c:\windows\system32\drivers\appdrv.sys

+ asc AdvanSys SCSI Controller Driver Advanced System Products, Inc. c:\windows\system32\drivers\asc.sys

+ asc3350p AdvanSys SCSI Card Driver Microsoft Corporation c:\windows\system32\drivers\asc3350p.sys

+ asc3550 AdvanSys Ultra-Wide PCI SCSI Driver Advanced System Products, Inc. c:\windows\system32\drivers\asc3550.sys

+ AsyncMac RAS Asynchronous Media Driver Microsoft Corporation c:\windows\system32\drivers\asyncmac.sys

+ atapi IDE/ATAPI Port Driver Microsoft Corporation c:\windows\system32\drivers\atapi.sys

+ Atmarpc ATM ARP Client Protocol Microsoft Corporation c:\windows\system32\drivers\atmarpc.sys

+ audstub AudStub Driver Microsoft Corporation c:\windows\system32\drivers\audstub.sys

+ BCM43XX BCM 802.11g Network Adapter wireless driver Broadcom Corporation c:\windows\system32\drivers\bcmwl5.sys

+ bcm4sbxp Broadcom Corporation NDIS 5.1 ethernet driver Broadcom Corporation c:\windows\system32\drivers\bcm4sbxp.sys

+ BCMModem Modem Device Driver Broadcom Corporation c:\windows\system32\drivers\bcmsm.sys

+ bDMusicb c:\documents and settings\kevinko\local settings\temp\bdmusicb.sys

+ cbidf CardBus/PCMCIA IDE Miniport Driver Microsoft Corporation c:\windows\system32\drivers\cbidf2k.sys

+ CCDECODE WDM Closed Caption VBI Codec Microsoft Corporation c:\windows\system32\drivers\ccdecode.sys

+ cd20xrnt IBM Portable CD-ROM Drive Miniport Microsoft Corporation c:\windows\system32\drivers\cd20xrnt.sys

+ Cdrom SCSI CD-ROM Driver Microsoft Corporation c:\windows\system32\drivers\cdrom.sys

+ CmBatt Control Method Battery Driver Microsoft Corporation c:\windows\system32\drivers\cmbatt.sys

+ CmdIde CMD PCI IDE Bus Driver CMD Technology, Inc. c:\windows\system32\drivers\cmdide.sys

+ Compbatt Composite Battery Driver Microsoft Corporation c:\windows\system32\drivers\compbatt.sys

+ Cpqarray Compaq Drive Array Controllers SCSI Miniport Driver Microsoft Corporation c:\windows\system32\drivers\cpqarray.sys

+ dac2w2k Mylex Disk Array Controller Driver Mylex Corporation c:\windows\system32\drivers\dac2w2k.sys

+ dac960nt Mylex Disk Array Controller Driver Microsoft Corporation c:\windows\system32\drivers\dac960nt.sys

+ Disk PnP Disk Driver Microsoft Corporation c:\windows\system32\drivers\disk.sys

+ DMusic Microsoft Kernel DLS Synthesizer Microsoft Corporation c:\windows\system32\drivers\dmusic.sys

+ dpti2o DPT SmartRAID miniport Microsoft Corporation c:\windows\system32\drivers\dpti2o.sys

+ drmkaud Microsoft Kernel DRM Audio Descrambler Filter Microsoft Corporation c:\windows\system32\drivers\drmkaud.sys

+ drvmcdb Device Driver Sonic Solutions c:\windows\system32\drivers\drvmcdb.sys

+ E100B NDIS 5 driver Intel Corporation c:\windows\system32\drivers\e100b325.sys

+ ewido security suite driver c:\program files\ewido anti-malware\guard.sys

+ Fdc Floppy Disk Controller Driver Microsoft Corporation c:\windows\system32\drivers\fdc.sys

+ Flpydisk Floppy Driver Microsoft Corporation c:\windows\system32\drivers\flpydisk.sys

+ FsVga Full Screen Video Driver Microsoft Corporation c:\windows\system32\drivers\fsvga.sys

+ Ftdisk FT Disk Driver Microsoft Corporation c:\windows\system32\drivers\ftdisk.sys

+ GEARAspiWDM CDRom Class Filter Driver GEAR Software Inc. c:\windows\system32\drivers\gearaspiwdm.sys

+ Gpc Generic Packet Classifier Microsoft Corporation c:\windows\system32\drivers\msgpc.sys

+ HidUsb USB Miniport Driver for Input Devices Microsoft Corporation c:\windows\system32\drivers\hidusb.sys

+ hpn NetRAID-4M Miniport Driver Microsoft Corporation c:\windows\system32\drivers\hpn.sys

+ HTTP This service implements the hypertext transfer protocol (HTTP). If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\drivers\http.sys

+ i2omp I2O Miniport Driver Microsoft Corporation c:\windows\system32\drivers\i2omp.sys

+ i8042prt i8042 Port Driver Microsoft Corporation c:\windows\system32\drivers\i8042prt.sys

+ ialm Intel Graphics Miniport Driver Intel Corporation c:\windows\system32\drivers\ialmnt5.sys

+ Imapi IMAPI Kernel Driver Microsoft Corporation c:\windows\system32\drivers\imapi.sys

+ ini910u INITIO ini910u SCSI miniport Microsoft Corporation c:\windows\system32\drivers\ini910u.sys

+ IntelIde Intel PCI IDE Driver Microsoft Corporation c:\windows\system32\drivers\intelide.sys

+ intelppm Processor Device Driver Microsoft Corporation c:\windows\system32\drivers\intelppm.sys

+ Ip6Fw Provides intrusion prevention service for a home or small office network. Microsoft Corporation c:\windows\system32\drivers\ip6fw.sys

+ IpFilterDriver IP Traffic Filter Driver Microsoft Corporation c:\windows\system32\drivers\ipfltdrv.sys

+ IpInIp IP in IP Tunnel Driver Microsoft Corporation c:\windows\system32\drivers\ipinip.sys

+ IpNat IP Network Address Translator Microsoft Corporation c:\windows\system32\drivers\ipnat.sys

+ IPSec IPSEC driver Microsoft Corporation c:\windows\system32\drivers\ipsec.sys

+ IRENUM Infra-Red Bus Enumerator Microsoft Corporation c:\windows\system32\drivers\irenum.sys

+ isapnp PNP ISA Bus Driver Microsoft Corporation c:\windows\system32\drivers\isapnp.sys

+ Kbdclass Keyboard Class Driver Microsoft Corporation c:\windows\system32\drivers\kbdclass.sys

+ kmixer Kernel Mode Audio Mixer Microsoft Corporation c:\windows\system32\drivers\kmixer.sys

+ MDC8021X AEGIS Protocol (IEEE 802.1x) v2.3.1.7 Meetinghouse Data Communications c:\windows\system32\drivers\mdc8021x.sys

+ Mouclass Mouse Class Driver Microsoft Corporation c:\windows\system32\drivers\mouclass.sys

+ mouhid HID Mouse Filter Driver Microsoft Corporation c:\windows\system32\drivers\mouhid.sys

+ mraid35x MegaRAID RAID Controller Driver for Windows Whistler 32 American Megatrends Inc. c:\windows\system32\drivers\mraid35x.sys

+ MSKSSRV MS KS Server Microsoft Corporation c:\windows\system32\drivers\mskssrv.sys

+ MSPCLOCK MS Proxy Clock Microsoft Corporation c:\windows\system32\drivers\mspclock.sys

+ MSPQM MS Proxy Quality Manager Microsoft Corporation c:\windows\system32\drivers\mspqm.sys

+ mssmbios System Management BIOS Driver Microsoft Corporation c:\windows\system32\drivers\mssmbios.sys

+ MSTEE WDM Tee/Communication Transform Filter Microsoft Corporation c:\windows\system32\drivers\mstee.sys

+ NABTSFEC WDM NABTS/FEC VBI Codec Microsoft Corporation c:\windows\system32\drivers\nabtsfec.sys

+ NdisIP Microsoft IP Driver Microsoft Corporation c:\windows\system32\drivers\ndisip.sys

+ NdisTapi Remote Access NDIS TAPI Driver Microsoft Corporation c:\windows\system32\drivers\ndistapi.sys

+ Ndisuio NDIS Usermode I/O Protocol Microsoft Corporation c:\windows\system32\drivers\ndisuio.sys

+ NdisWan Remote Access NDIS WAN Driver Microsoft Corporation c:\windows\system32\drivers\ndiswan.sys

+ NetBT NetBios over Tcpip Microsoft Corporation c:\windows\system32\drivers\netbt.sys

+ nm Netmon NT Driver Microsoft Corporation c:\windows\system32\drivers\nmnt.sys

+ npkcrypt File not found: C:\Program Files\Gravity\RO\npkcrypt.sys

+ NPPTNT2 nProtect NPSC Kernel Mode Driver for NT INCA Internet Co., Ltd. c:\windows\system32\npptnt2.sys

+ nv NVIDIA Compatible Windows 2000 Miniport Driver, Version 56.73 NVIDIA Corporation c:\windows\system32\drivers\nv4_mini.sys

+ nvport Port Driver NVIDIA Corporation. c:\windows\system32\drivers\nvport.sys

+ NwlnkFlt IPX Traffic Filter Driver Microsoft Corporation c:\windows\system32\drivers\nwlnkflt.sys

+ NwlnkFwd IPX Traffic Forwarder Driver Microsoft Corporation c:\windows\system32\drivers\nwlnkfwd.sys

+ omci OMCI Device Driver Dell Inc c:\windows\system32\drivers\omci.sys

+ Parport Parallel Port Driver Microsoft Corporation c:\windows\system32\drivers\parport.sys

+ PCI NT Plug and Play PCI Enumerator Microsoft Corporation c:\windows\system32\drivers\pci.sys

+ PCIIde Generic PCI IDE Bus Driver Microsoft Corporation c:\windows\system32\drivers\pciide.sys

+ Pcmcia PCMCIA Bus Driver Microsoft Corporation c:\windows\system32\drivers\pcmcia.sys

+ perc2 PERC 2 Miniport Driver Microsoft Corporation c:\windows\system32\drivers\perc2.sys

+ perc2hib PERC 2 Hibernate Driver Microsoft Corporation c:\windows\system32\drivers\perc2hib.sys

+ pfc Padus® ASPI Shell Padus, Inc. c:\windows\system32\drivers\pfc.sys

+ PptpMiniport WAN Miniport (PPTP) Microsoft Corporation c:\windows\system32\drivers\raspptp.sys

+ PSched QoS Packet Scheduler Microsoft Corporation c:\windows\system32\drivers\psched.sys

+ Ptilink Direct Parallel Link Driver Parallel Technologies, Inc. c:\windows\system32\drivers\ptilink.sys

+ PxHelp20 Px Engine Device Driver for Windows 2000/XP Sonic Solutions c:\windows\system32\drivers\pxhelp20.sys

+ ql1080 Miniport Driver for QLogic ISP PCI Adapters QLogic Corporation c:\windows\system32\drivers\ql1080.sys

+ Ql10wnt Miniport Driver for QLogic ISP PCI Adapters Microsoft Corporation c:\windows\system32\drivers\ql10wnt.sys

+ ql12160 Miniport Driver for QLogic ISP PCI Adapters QLogic Corporation c:\windows\system32\drivers\ql12160.sys

+ ql1240 QLogic ISP PCI Adapters Microsoft Corporation c:\windows\system32\drivers\ql1240.sys

+ ql1280 Miniport Driver for QLogic ISP PCI Adapters QLogic Corporation c:\windows\system32\drivers\ql1280.sys

+ RasAcd Remote Access Auto Connection Driver Microsoft Corporation c:\windows\system32\drivers\rasacd.sys

+ Rasl2tp WAN Miniport (L2TP) Microsoft Corporation c:\windows\system32\drivers\rasl2tp.sys

+ RasPppoe Remote Access PPPOE Driver Microsoft Corporation c:\windows\system32\drivers\raspppoe.sys

+ Raspti Direct Parallel Microsoft Corporation c:\windows\system32\drivers\raspti.sys

+ RDPCDD RDP Miniport Microsoft Corporation c:\windows\system32\drivers\rdpcdd.sys

+ rdpdr Microsoft RDP Device redirector Microsoft Corporation c:\windows\system32\drivers\rdpdr.sys

+ redbook Redbook Audio Filter Driver Microsoft Corporation c:\windows\system32\drivers\redbook.sys

+ Secdrv SafeDisc driver Macrovision Europe Ltd c:\windows\system32\drivers\secdrv.sys

+ serenum Serial Port Enumerator Microsoft Corporation c:\windows\system32\drivers\serenum.sys

+ Serial Serial Device Driver Microsoft Corporation c:\windows\system32\drivers\serial.sys

+ Sfloppy SCSI Floppy Driver Microsoft Corporation c:\windows\system32\drivers\sfloppy.sys

+ sisagp SiS NT AGP Filter Silicon Integrated Systems Corporation c:\windows\system32\drivers\sisagp.sys

+ SLIP Microsoft Slip Deframing Filter Minidriver Microsoft Corporation c:\windows\system32\drivers\slip.sys

+ sonypvs1 File not found: system32\DRIVERS\sonypvs1.sys

+ Sparrow Adaptec AIC-6x60 series SCSI miniport Adaptec, Inc. c:\windows\system32\drivers\sparrow.sys

+ splitter Microsoft Kernel Audio Splitter Microsoft Corporation c:\windows\system32\drivers\splitter.sys

+ STAC97 SigmaTel Audio Driver (WDM) SigmaTel, Inc. c:\windows\system32\drivers\stac97.sys

+ streamip Microsoft IP Test Driver Microsoft Corporation c:\windows\system32\drivers\streamip.sys

+ StyleXPHelper StyleXP Windows ® 2000 DDK provider c:\program files\tgtsoft\stylexp\stylexphelper.exe

+ swenum Plug and Play Software Device Enumerator Microsoft Corporation c:\windows\system32\drivers\swenum.sys

+ swmidi Microsoft GS Wavetable Synthesizer Microsoft Corporation c:\windows\system32\drivers\swmidi.sys

+ sym_hi Symbios Hi-Perf SCSI Miniport Driver LSI Logic c:\windows\system32\drivers\sym_hi.sys

+ sym_u3 Symbios Ultra3 SCSI Miniport Driver LSI Logic c:\windows\system32\drivers\sym_u3.sys

+ symc810 Symbios Logic Inc. SCSI Miniport Driver Symbios Logic Inc. c:\windows\system32\drivers\symc810.sys

+ symc8xx Symbios 8XX SCSI Miniport Driver LSI Logic c:\windows\system32\drivers\symc8xx.sys

+ SynTP Synaptics Touchpad Driver Synaptics, Inc. c:\windows\system32\drivers\syntp.sys

+ sysaudio System Audio WDM Filter Microsoft Corporation c:\windows\system32\drivers\sysaudio.sys

+ Tcpip TCP/IP Protocol Driver Microsoft Corporation c:\windows\system32\drivers\tcpip.sys

+ Tcpip6 Microsoft IPv6 Protocol Driver Microsoft Corporation c:\windows\system32\drivers\tcpip6.sys

+ TermDD Terminal Server Driver Microsoft Corporation c:\windows\system32\drivers\termdd.sys

+ TosIde Toshiba PCI IDE Controller Microsoft Corporation c:\windows\system32\drivers\toside.sys

+ tunmp Microsoft Tunnel Interface Driver Microsoft Corporation c:\windows\system32\drivers\tunmp.sys

+ ultra Promise Ultra66 Miniport Driver Promise Technology, Inc. c:\windows\system32\drivers\ultra.sys

+ Update Update Driver Microsoft Corporation c:\windows\system32\drivers\update.sys

+ usbaudio USB Audio Class Driver Microsoft Corporation c:\windows\system32\drivers\usbaudio.sys

+ usbccgp USB Common Class Generic Parent Driver Microsoft Corporation c:\windows\system32\drivers\usbccgp.sys

+ usbehci EHCI eUSB Miniport Driver Microsoft Corporation c:\windows\system32\drivers\usbehci.sys

+ usbhub Default Hub Driver for USB Microsoft Corporation c:\windows\system32\drivers\usbhub.sys

+ USBSTOR USB Mass Storage Class Driver Microsoft Corporation c:\windows\system32\drivers\usbstor.sys

+ usbuhci UHCI USB Miniport Driver Microsoft Corporation c:\windows\system32\drivers\usbuhci.sys

+ VgaSave VGA/Super VGA Video Driver Microsoft Corporation c:\windows\system32\drivers\vga.sys

+ viaagp VIA NT AGP Filter Microsoft Corporation c:\windows\system32\drivers\viaagp.sys

+ ViaIde Generic PCI IDE Bus Driver Microsoft Corporation c:\windows\system32\drivers\viaide.sys

+ Wanarp Remote Access IP ARP Driver Microsoft Corporation c:\windows\system32\drivers\wanarp.sys

+ wanatw File not found: system32\DRIVERS\wanatw4.sys

+ wdmaud MMSYSTEM Wave/Midi API mapper Microsoft Corporation c:\windows\system32\drivers\wdmaud.sys

+ WSTCODEC WDM WST Codec Driver Microsoft Corporation c:\windows\system32\drivers\wstcodec.sys

+ xmasbus Plug and Play BIOS Extension c:\windows\system32\drivers\xmasbus.sys

+ xmasscsi SCSI miniport c:\windows\system32\drivers\xmasscsi.sys

HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute

+ autocheck autochk * Auto Check Utility Microsoft Corporation c:\windows\system32\autochk.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

+ Your Image File Name Here without a path Symbolic Debugger for Windows 2000 Microsoft Corporation c:\windows\system32\ntsd.exe

HKLM\SOFTWARE\Microsoft\Command Processor\Autorun

HKCU\SOFTWARE\Microsoft\Command Processor\Autorun

HKLM\SOFTWARE\Classes\Exefile\Shell\Open\Command\(Default)

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls

HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls

+ advapi32 Advanced Windows 32 Base API Microsoft Corporation c:\windows\system32\advapi32.dll

+ comdlg32 Common Dialogs DLL Microsoft Corporation c:\windows\system32\comdlg32.dll

+ gdi32 GDI Client DLL Microsoft Corporation c:\windows\system32\gdi32.dll

+ imagehlp Windows NT Image Helper Microsoft Corporation c:\windows\system32\imagehlp.dll

+ kernel32 Windows NT BASE API Client DLL Microsoft Corporation c:\windows\system32\kernel32.dll

+ lz32 LZ Expand/Compress API DLL Microsoft Corporation c:\windows\system32\lz32.dll

+ ole32 Microsoft OLE for Windows Microsoft Corporation c:\windows\system32\ole32.dll

+ oleaut32 Microsoft Corporation c:\windows\system32\oleaut32.dll

+ olecli32 Object Linking and Embedding Client Library Microsoft Corporation c:\windows\system32\olecli32.dll

+ olecnv32 Microsoft OLE for Windows Microsoft Corporation c:\windows\system32\olecnv32.dll

+ olesvr32 Object Linking and Embedding Server Library Microsoft Corporation c:\windows\system32\olesvr32.dll

+ olethk32 Microsoft OLE for Windows Microsoft Corporation c:\windows\system32\olethk32.dll

+ rpcrt4 Remote Procedure Call Runtime Microsoft Corporation c:\windows\system32\rpcrt4.dll

+ shell32 Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll

+ url Internet Shortcut Shell Extension DLL Microsoft Corporation c:\windows\system32\url.dll

+ urlmon OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll

+ user32 Windows XP USER API Client DLL Microsoft Corporation c:\windows\system32\user32.dll

+ version Version Che
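Added example (not part of the original thread, and not code posted by anyone in it): a short Python script that applies, to lines in the same "+ name description company path" layout as the Autoruns text export above, the checks a helper makes by eye when reading such a log: entries whose file is reported as "File not found", drivers or programs that load from the user's profile or temp folder, entries that claim Microsoft as the vendor but live outside the Windows or Program Files trees, and entries with no description or company at all (the file carries no version information). The sample lines are constructed: six paths are copied from the log above, and the last entry ("Hypothetical Updater", updater.exe) is made up purely to exercise the vendor/location rule. The `Finding` class, `triage_line` and `triage` names are mine.

```python
"""Triage an Autoruns text export for autostart entries that deserve a closer look."""
import re
from dataclasses import dataclass, field

# Constructed sample in the "+ name description company path" layout of the Autoruns
# text export above. Six paths are copied from that log; the last line is a made-up
# (hypothetical) entry that exists only to exercise the vendor/location mismatch rule.
SAMPLE_LINES = """\
+ Tcpip TCP/IP Protocol Driver Microsoft Corporation c:\\windows\\system32\\drivers\\tcpip.sys
+ bDMusicb c:\\documents and settings\\kevinko\\local settings\\temp\\bdmusicb.sys
+ Universal Disk Manager Windows print subsystem File not found: C:\\Program Files\\Common Files\\SAND\\qqfacerclient.exe
+ npkcrypt File not found: C:\\Program Files\\Gravity\\RO\\npkcrypt.sys
+ sonypvs1 File not found: system32\\DRIVERS\\sonypvs1.sys
+ WinRAR shell extension c:\\program files\\winrar\\rarext.dll
+ Hypothetical Updater Microsoft Corporation c:\\documents and settings\\kevinko\\local settings\\temp\\updater.exe
"""

# The path is the trailing drive-letter or system32-relative token; Autoruns prefixes it
# with "File not found: " when the image is missing on disk. Everything before the path
# is the space-separated name/description/company block.
ENTRY_RE = re.compile(
    r"^\+\s+(?P<head>.*?)\s*(?P<missing>File not found:\s*)?"
    r"(?P<path>(?:[a-z]:\\|system32\\)\S.*)$",
    re.IGNORECASE,
)

USER_PROFILE_MARKERS = ("\\documents and settings\\", "\\local settings\\", "\\temp\\")
MICROSOFT_ROOTS = ("c:\\windows\\", "c:\\program files\\")


@dataclass
class Finding:
    name: str                     # first token of the entry (multi-word names are truncated)
    path: str                     # lower-cased image path as printed by Autoruns
    reasons: list = field(default_factory=list)


def triage_line(line):
    """Return a Finding for a suspicious entry, or None if the line looks ordinary."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    head = m.group("head").strip()
    path = m.group("path").strip().lower()
    name = head.split()[0] if head else "?"
    reasons = []
    if m.group("missing"):
        reasons.append("file not found: orphaned autostart, often left by removed or renamed malware")
    if any(marker in path for marker in USER_PROFILE_MARKERS):
        reasons.append("loads from a user profile or temp directory")
    if "microsoft corporation" in head.lower() and not path.startswith(MICROSOFT_ROOTS):
        reasons.append("claims Microsoft as vendor but lives outside the Windows/Program Files tree")
    if len(head.split()) == 1:
        reasons.append("no description or company: file carries no version information")
    return Finding(name, path, reasons) if reasons else None


def triage(text):
    """Return one Finding per suspicious entry, in input order."""
    return [f for f in (triage_line(line) for line in text.splitlines()) if f]


if __name__ == "__main__":
    for finding in triage(SAMPLE_LINES):
        print(f"{finding.name}: {finding.path}")
        for reason in finding.reasons:
            print(f"    - {reason}")
```

The rules are deliberately blunt: they do not replace checking a digital signature or looking up the hash, but they surface the same entries a human reviewer singles out in a log like this one (a driver in the user's temp folder with no version information, several "File not found" leftovers), so a long export can be reduced to the handful of lines worth asking about.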
Mosaic1
The Autoruns log got cut off. Could you please go back to the log and post just the last part which is missing? Don't try to post the entire log again, thanks. It's too long for one reply.
Mosaic1
Go to Start > Run and paste in this next command. Then press Enter.
regsvr32 /i webcheck.dll

Wait for the success message.

Let me know if you get an error or if it was successful.

----------

Check to see if this file is present and let me know.

C:\windows\system32\DRIVERS\wanatw4.sys

-----------------

Reset the Internet Security Zone Settings
Start Microsoft Internet Explorer.

Click Tools > Internet Options.

Click on the Security tab.
Click on the Internet Icon on upper pane of the window.
Click on Default Level on lower right corner of the window.
Click on the Local intranet Icon on upper pane of the window.
Click on Default Level on lower right corner of the window.
Click on the Trusted sites Icon on upper pane of the window.
Click on Default Level on lower right corner of the window.
Click on the Restricted sites Icon on upper pane of the window.
Click on Default Level on lower right corner of the window.
Click OK on lower right corner of the window.

--------------------

Run HijackThis and post the new log.

How is everything running now?
sagaemia
+ user32 Windows XP USER API Client DLL Microsoft Corporation c:\windows\system32\user32.dll

+ version Version Checking and File Installation Libraries Microsoft Corporation c:\windows\system32\version.dll

+ wininet Internet Extensions for Win32 Microsoft Corporation c:\windows\system32\wininet.dll

+ wldap32 Win32 LDAP API DLL Microsoft Corporation c:\windows\system32\wldap32.dll

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

+ crypt32chain Crypto API32 Microsoft Corporation c:\windows\system32\crypt32.dll

+ cryptnet Crypto Network Related API Microsoft Corporation c:\windows\system32\cryptnet.dll

+ cscdll Offline Network Agent Microsoft Corporation c:\windows\system32\cscdll.dll

+ ScCertProp Common DLL to receive Winlogon notifications Microsoft Corporation c:\windows\system32\wlnotify.dll

+ Schedule Common DLL to receive Winlogon notifications Microsoft Corporation c:\windows\system32\wlnotify.dll

+ sclgntfy Secondary Logon Service Notification DLL Microsoft Corporation c:\windows\system32\sclgntfy.dll

+ SensLogn Common DLL to receive Winlogon notifications Microsoft Corporation c:\windows\system32\wlnotify.dll

+ termsrv Common DLL to receive Winlogon notifications Microsoft Corporation c:\windows\system32\wlnotify.dll

+ wlballoon Common DLL to receive Winlogon notifications Microsoft Corporation c:\windows\system32\wlnotify.dll

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman

HKCU\Control Panel\Desktop\Scrnsave.exe

+ C:\WINDOWS\MATRIX~1.SCR 32 Bit CineMac Screen Saver Engine MacSourcery c:\windows\matrix code.scr

HKLM\System\CurrentControlSet\Control\BootVerificationProgram\ImageName

HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9

+ MSAFD NetBIOS [\Device\NetBT_Tcpip6_{3209255F-FCE9-4B81-9A6F-1604FE2E9678}] DATAGRAM 5 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip6_{3209255F-FCE9-4B81-9A6F-1604FE2E9678}] SEQPACKET 5 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip6_{37E9851C-DA1E-496E-818C-A9CFD9B13122}] DATAGRAM 6 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip6_{37E9851C-DA1E-496E-818C-A9CFD9B13122}] SEQPACKET 6 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip6_{40927BA9-6FF1-4F71-9170-B73B05C5F108}] DATAGRAM 4 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip6_{40927BA9-6FF1-4F71-9170-B73B05C5F108}] SEQPACKET 4 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip6_{66B34C7B-415F-44E9-9892-9ECF1324135B}] DATAGRAM 7 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip6_{66B34C7B-415F-44E9-9892-9ECF1324135B}] SEQPACKET 7 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{2810EB22-763D-4D0C-9450-64BBD1758685}] DATAGRAM 1 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{2810EB22-763D-4D0C-9450-64BBD1758685}] SEQPACKET 1 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{3209255F-FCE9-4B81-9A6F-1604FE2E9678}] DATAGRAM 3 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{3209255F-FCE9-4B81-9A6F-1604FE2E9678}] SEQPACKET 3 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{40927BA9-6FF1-4F71-9170-B73B05C5F108}] DATAGRAM 0 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{40927BA9-6FF1-4F71-9170-B73B05C5F108}] SEQPACKET 0 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{531D3D38-B38F-4A40-9052-52EFBA55506B}] DATAGRAM 2 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{531D3D38-B38F-4A40-9052-52EFBA55506B}] SEQPACKET 2 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{66B34C7B-415F-44E9-9892-9ECF1324135B}] DATAGRAM 8 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{66B34C7B-415F-44E9-9892-9ECF1324135B}] SEQPACKET 8 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD Tcpip [RAW/IP] Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD Tcpip [RAW/IPv6] Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD Tcpip [TCP/IP] Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD Tcpip [TCP/IPv6] Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD Tcpip [UDP/IP] Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD Tcpip [UDP/IPv6] Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ RSVP TCP Service Provider Microsoft Windows Rsvp 1.0 Service Provider Microsoft Corporation c:\windows\system32\rsvpsp.dll

+ RSVP UDP Service Provider Microsoft Windows Rsvp 1.0 Service Provider Microsoft Corporation c:\windows\system32\rsvpsp.dll

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors

+ BJ Language Monitor Langage Monitor for Canon Bubble-Jet Printer Microsoft Corporation c:\windows\system32\cnbjmon.dll

+ Local Port Local Spooler DLL Microsoft Corporation c:\windows\system32\localspl.dll

+ Microsoft Shared Fax Monitor Microsoft Fax Print Monitor Microsoft Corporation c:\windows\system32\fxsmon.dll

+ PJL Language Monitor PJL Language monitor Microsoft Corporation c:\windows\system32\pjlmon.dll

+ Standard TCP/IP Port Standard TCP/IP Port Monitor DLL Microsoft Corporation c:\windows\system32\tcpmon.dll

+ USB Monitor Standard Dynamic Printing Port Monitor DLL Microsoft Corporation c:\windows\system32\usbmon.dll
sagaemia
regsvr32 /i webcheck.dll

Ran successfully.
-------------------------------
no such file is present.

C:\windows\system32\DRIVERS\wanatw4.sys
----------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 上午 11:13:52, on 2006/2/12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WordPerfect Office 12\Programs\wpwin12.exe
C:\Documents and Settings\KevinKo\Desktop\HijackThis.exe

O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - C:\PROGRA~1\KuGoo3\KUGOO3~1.OCX
O4 - HKLM\..\Run: [?? ?"h'??T3r鑒WC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dhneomt.exe
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1138168184\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O8 - Extra context menu item: ???? - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/246
O8 - Extra context menu item: 使用KuGoo3下载(&K) - C:\Program Files\KuGoo3\KuGoo3DownX.htm
O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: Windows Print Controller (Universal Disk Manager) - Unknown owner - C:\Program Files\Common Files\SAND\qqfacerclient.exe (file missing)
Mosaic1
The logs are looking good.

See if there is a copy of
wanatw4.sys in this folder please.


C:\windows\system32\dllcache

----------------------
There has been an issue found recently with Sun Java.

When newer versions are installed, the older versions are left behind and malware can call these older versions to exploit flaws. Some malware has been found to install this way.

First update to the very latest version of Sun Java, which is 1.5.0_06

Then go into Add Remove programs and uninstall any older versions you find listed there.

You have a leftover in your run entries which is not doing anything. But Hijackthis cannot clean it out because of the odd characters.


I'll get to that shortly.
sagaemia
I can't find a copy of C:\windows\system32\dllcache
Mosaic1
Do you mean you can't find a copy of
wanatw4.sys in the dllcache folder?

Or do you mean you can't find this folder?
C:\windows\system32\dllcache
sagaemia
I can't find the folder: C:\windows\system32\dllcache
LoPhatPhuud
Make sure you have Hidden folders set to display.

How to show Hidden and System files and folders: http://www.xtra.co.nz/help/0,,4155-1916458,00.html


Check again and advise.
sagaemia
The folder is set to un-hidden and still I can't find it.
----
Also, now there are these weird windows popping up.
http://img.photobucket.com/albums/v371/n3rd5b0y/untitled.jpg
Please help me with these windows.
LoPhatPhuud
You can get a copy of webcheck.dll from here: http://www.driverskit.com/dll/link/3872.html

Put it in C:\Windows\System32\

Then run the following command:
regsvr32 /i webcheck.dll

Finally, run HijackThis again, and post a new log in this thread.
sagaemia
Logfile of HijackThis v1.99.1
Scan saved at 7:58:07 PM, on 2/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\KevinKo\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - C:\PROGRA~1\KuGoo3\KUGOO3~1.OCX
O4 - HKLM\..\Run: [?? ?"h'??T3r?WC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dhneomt.exe
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1138168184\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O8 - Extra context menu item: ???? - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/246
O8 - Extra context menu item: 发送到手机 - C:\Program Files\xBar\xBar.htm
O8 - Extra context menu item: 使用KuGoo3下载(&K) - C:\Program Files\KuGoo3\KuGoo3DownX.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O20 - Winlogon Notify: winkcj32 - C:\WINDOWS\SYSTEM32\winkcj32.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: Windows Print Controller (Universal Disk Manager) - Unknown owner - C:\Program Files\Common Files\SAND\qqfacerclient.exe (file missing)
LoPhatPhuud
First:
Please download Look2Me-Destroyer.exe to your desktop.
  • Close all windows before continuing.
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to Run this program as a task.
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
  • When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
  • Once it's done scanning, click the Remove L2M button.
  • You will receive a Done Scanning message, click OK.
  • When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
  • Your computer will then shutdown.
  • Turn your computer back on.
  • Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.
If Look2Me-Destroyer does not reopen automatically, reboot and try again.

If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX


Second:
Open a Command Prompt Window (Start -> Run -> cmd)
Enter the following commands: (then press 'Enter')
sc stop "Universal Disk Manager" <-- ok if this command fails
sc delete "Universal Disk Manager"
exit


Third:
Reboot in Safe Mode* and run HiJackThis. <-- IMPORTANT

Check the following items in HijackThis.
(Note: if any R* items marked for deletion do not appear in Safe Mode, re-run HijackThis in Normal Mode and remove them after you finish removing these items.)
O4 - HKLM\..\Run: [?? ?"h'??T3r?WC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dhneomt.exe

O20 - Winlogon Notify: winkcj32 - C:\WINDOWS\SYSTEM32\winkcj32.dll


Close all windows except HijackThis and click Fix checked.


While still in Safe Mode*, delete the following: (you may need to show hidden files**)
(Files specified without a full path will be located in C:\Windows\ or C:\Windows\System32\)
C:\Program Files\ISTsvc\ <--delete entire folder
C:\WINDOWS\dhneomt.exe
C:\WINDOWS\SYSTEM32\winkcj32.dll

*How to Boot into Safe mode: http://service1.symantec.com/SUPPORT/tsgen...001052409420406
**Show Hidden and System files and folders: http://www.xtra.co.nz/help/0,,4155-1916458,00.html

Also, uncheck the boxes for hiding known file extensions and hiding protected operating system files. We want to see it all. When we finish here, it would be a good idea to rehide the protected operating system files but leave the rest to be shown.

Reboot in normal mode

Run HiJackThis again and post a new log in this thread.


Last:
Would you please use HiJackThis to produce a startup list and post it here:
1. From HJT main screen, click 'Config' button
2. Click 'Misc Tools' button
3. Check both boxes to the right of 'Generate StartupList Log' button
4. Click 'Generate StartupList Log' button
5. Click 'Yes' in the next dialog
6. Save the log and post a copy in this thread.
sagaemia
Logfile of HijackThis v1.99.1
Scan saved at 5:48:09 PM, on 3/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\PPATCH~1\ping.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\TEMP\win3B.tmp.exe
C:\Program Files\Daily Weather Forecast\weather.exe
C:\Documents and Settings\KevinKo\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com.tw/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
O4 - HKLM\..\Run: [?? ?"h'??T3r?WC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dhneomt.exe
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1138168184\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Sen] "C:\WINDOWS\PPATCH~1\ping.exe" -vt yax
O4 - HKCU\..\Run: [Ybpoe] C:\WINDOWS\?ppPatch\s?anregw.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O8 - Extra context menu item: ???? - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/246
O8 - Extra context menu item: 发送到手机 - C:\Program Files\xBar\xBar.htm
O8 - Extra context menu item: 使用KuGoo3下载(&K) - C:\Program Files\KuGoo3\KuGoo3DownX.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: winfyl32 - C:\WINDOWS\SYSTEM32\winfyl32.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
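As an added example (not part of the original thread, and not code from HijackThis or its authors), here is a small Python triage pass over the kind of lines posted in the logs above. It encodes the checks the helpers are applying by eye: Run values whose name contains odd characters or embeds a second path, launch paths HijackThis could not render (a '?' standing in for a character, as in the ?ppPatch entry), Winlogon Notify DLLs that are not in the Windows XP baseline shown in the autoruns output earlier in the thread, services whose binary is missing or has no publisher, and processes running out of TEMP. The baseline dictionary and the sample log lines are taken from this thread; the function names and the reason strings are my own.

```python
import re

# Known-good Winlogon\Notify subkeys on Windows XP SP2 and the DLL each one
# loads, copied from the legitimate entries in the autoruns output posted
# earlier in this thread. Anything else under Notify deserves a look.
XP_NOTIFY_BASELINE = {
    "crypt32chain": "crypt32.dll",
    "cryptnet": "cryptnet.dll",
    "cscdll": "cscdll.dll",
    "sccertprop": "wlnotify.dll",
    "schedule": "wlnotify.dll",
    "sclgntfy": "sclgntfy.dll",
    "senslogn": "wlnotify.dll",
    "termsrv": "wlnotify.dll",
    "wlballoon": "wlnotify.dll",
}

# HijackThis line shapes used below (HKLM/HKCU Run values, Winlogon Notify, services).
O4_RE = re.compile(r"^O4 - HK\w+\\\.\.\\Run: \[(?P<name>.*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<display>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
PROCESS_RE = re.compile(r"^[A-Za-z]:\\")  # a bare path from the "Running processes" block


def triage_line(line):
    """Return the list of reasons one HijackThis log line stands out (empty if none)."""
    line = line.strip()
    reasons = []
    m = O4_RE.match(line)
    if m:
        name, cmd = m.group("name"), m.group("cmd")
        # A Run value whose *name* is unprintable, contains '?' placeholders, or
        # embeds a full path is the "odd characters" leftover discussed in the thread.
        if "?" in name or ":\\" in name or not name.isprintable():
            reasons.append("O4: run value name contains odd/unprintable characters")
        # '?' inside the launch path is a character HijackThis could not render,
        # typically a Unicode look-alike in a folder or file name.
        if "?" in cmd:
            reasons.append("O4: launch path contains unrenderable characters")
        if "\\temp\\" in cmd.lower():
            reasons.append("O4: program launched from a TEMP folder")
        return reasons
    m = O20_RE.match(line)
    if m:
        name = m.group("name").lower()
        dll = m.group("path").rsplit("\\", 1)[-1].lower()
        if XP_NOTIFY_BASELINE.get(name) != dll:
            reasons.append("O20: Winlogon Notify DLL not in the XP baseline")
        return reasons
    m = O23_RE.match(line)
    if m:
        if "(file missing)" in m.group("path"):
            reasons.append("O23: service points at a missing file (orphaned service)")
        if m.group("owner") == "Unknown owner":
            reasons.append("O23: service has no publisher information")
        return reasons
    if PROCESS_RE.match(line):
        low = line.lower()
        if "\\temp\\" in low or low.endswith(".tmp.exe"):
            reasons.append("process: running from a TEMP folder or with a .tmp.exe name")
    return reasons


def triage_log(text):
    """Run triage_line over a whole log; return [(line, reasons)] for flagged lines only."""
    flagged = []
    for raw in text.splitlines():
        line = raw.strip()
        if line:
            reasons = triage_line(line)
            if reasons:
                flagged.append((line, reasons))
    return flagged


# Constructed sample: a handful of lines copied from the logs in this thread,
# mixing benign entries with the ones the helpers asked to have removed.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\TEMP\win3B.tmp.exe
O4 - HKLM\..\Run: [?? ?"h'??T3r?WC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dhneomt.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Ybpoe] C:\WINDOWS\?ppPatch\s?anregw.exe
O20 - Winlogon Notify: winfyl32 - C:\WINDOWS\SYSTEM32\winfyl32.dll
O20 - Winlogon Notify: wlballoon - C:\WINDOWS\system32\wlnotify.dll
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Windows Print Controller (Universal Disk Manager) - Unknown owner - C:\Program Files\Common Files\SAND\qqfacerclient.exe (file missing)
"""

if __name__ == "__main__":
    for line, reasons in triage_log(SAMPLE_LOG):
        print(line)
        for reason in reasons:
            print("    ->", reason)
```

The baseline check is deliberately strict: a Notify entry with a familiar name but an unexpected DLL is flagged just as a random name is. On a real machine the whitelist should come from a clean install of the same Windows version, since HijackThis's own O20 filtering already hides the entries it recognises.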
sagaemia
StartupList report, 3/11/2006, 5:51:20 PM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\KevinKo\Desktop\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\PPATCH~1\ping.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\TEMP\win3B.tmp.exe
C:\Program Files\Daily Weather Forecast\weather.exe
C:\Documents and Settings\KevinKo\Desktop\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\KevinKo\Start Menu\Programs\Startup]
Trillian.lnk = C:\Program Files\Trillian\trillian.exe

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
*No files*

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

(Default) =
?? ?"h'??T3r?WC:\Program Files\ISTsvc\istsvc.exe = C:\WINDOWS\dhneomt.exe
YLive.exe = C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
HostManager = C:\Program Files\Common Files\AOL\1138168184\ee\AOLSoftware.exe
LVCOMSX = C:\WINDOWS\system32\LVCOMSX.EXE
LogitechVideoRepair = C:\Program Files\Logitech\Video\ISStart.exe
LogitechVideoTray = C:\Program Files\Logitech\Video\LogiTray.exe
Daily Weather Forecast = C:\Program Files\Daily Weather Forecast\weather.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
AIM = C:\Program Files\AIM\aim.exe -cnetwait.odl
LogitechSoftwareUpdate = "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
Sen = "C:\WINDOWS\PPATCH~1\ping.exe" -vt yax
Ybpoe = C:\WINDOWS\?ppPatch\s?anregw.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{4b218e3e-bc98-4770-93d3-2731b9329278}] *
StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

[{8b15971b-5355-4c82-8c07-7e181ea07608}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\MATRIX~1.SCR
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

*No BHO's found*

--------------------------------------------------

Enumerating Task Scheduler jobs:

ISP signup reminder 1.job
McAfee.com Scan for Viruses - My Computer (KEVIN-KevinKo).job

--------------------------------------------------

Enumerating Download Program Files:

[{00000055-9980-0010-8000-00AA00389B71}]
CODEBASE = http://codecs.microsoft.com/codecs/i386/fhg.CAB

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM32\Macromed\Director\SwDir.dll
CODEBASE = http://fpdownload.macromedia.com/get/shock...director/sw.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL
CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204

[BDSCANONLINE Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\oscan8.ocx
CODEBASE = http://download.bitdefender.com/resources/scan8/oscan8.cab

[Housecall ActiveX 6.5]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\Housecall_ActiveX.dll
CODEBASE = http://us-housecall.trendmicro-europe.com/...ivex/hcImpl.cab

[{74CD40EA-EF77-4BAD-808A-B5982DA73F20}]
CODEBASE = http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123

[Java Plug-in 1.5.0_04]
InProcServer32 = C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
CODEBASE = http://acs.pandasoftware.com/activescan/as5free/asinst.cab

[Java Plug-in 1.5.0_04]
InProcServer32 = C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx
CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll
Protocol #18: C:\WINDOWS\system32\mswsock.dll
Protocol #19: C:\WINDOWS\system32\mswsock.dll
Protocol #20: C:\WINDOWS\system32\mswsock.dll
Protocol #21: C:\WINDOWS\system32\mswsock.dll
Protocol #22: C:\WINDOWS\system32\mswsock.dll
Protocol #23: C:\WINDOWS\system32\mswsock.dll
Protocol #24: C:\WINDOWS\system32\mswsock.dll
Protocol #25: C:\WINDOWS\system32\mswsock.dll
Protocol #26: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

IPv6 Helper Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
abp480n5: system32\DRIVERS\ABP480N5.SYS (system)
Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system)
adpu160m: system32\DRIVERS\adpu160m.sys (system)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD: \SystemRoot\System32\drivers\afd.sys (system)
Intel AGP Bus Filter: system32\DRIVERS\agp440.sys (system)
Compaq AGP Bus Filter: system32\DRIVERS\agpCPQ.sys (system)
Aha154x: system32\DRIVERS\aha154x.sys (system)
aic78u2: system32\DRIVERS\aic78u2.sys (system)
aic78xx: system32\DRIVERS\aic78xx.sys (system)
Alerter: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
AliIde: system32\DRIVERS\aliide.sys (system)
ALI AGP Bus Filter: system32\DRIVERS\alim1541.sys (system)
AMD AGP Bus Filter Driver: system32\DRIVERS\amdagp.sys (system)
amsint: system32\DRIVERS\amsint.sys (system)
APPDRV: \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS (system)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
asc: system32\DRIVERS\asc.sys (system)
asc3350p: system32\DRIVERS\asc3350p.sys (system)
asc3550: system32\DRIVERS\asc3550.sys (system)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: system32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: system32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: system32\DRIVERS\audstub.sys (manual start)
Dell Wireless WLAN Card Driver: system32\DRIVERS\bcmwl5.sys (manual start)
Broadcom 440x 10/100 Integrated Controller XP Driver: system32\DRIVERS\bcm4sbxp.sys (manual start)
BCM V.92 56K Modem: system32\DRIVERS\BCMSM.sys (manual start)
bDMusicb: \??\C:\DOCUME~1\KevinKo\LOCALS~1\Temp\bDMusicb.sys (manual start)
Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
cbidf: system32\DRIVERS\cbidf2k.sys (system)
Closed Caption Decoder: system32\DRIVERS\CCDECODE.sys (manual start)
cd20xrnt: system32\DRIVERS\cd20xrnt.sys (system)
CD-ROM Driver: system32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
Microsoft ACPI Control Method Battery Driver: system32\DRIVERS\CmBatt.sys (manual start)
CmdIde: system32\DRIVERS\cmdide.sys (system)
Microsoft Composite Battery Driver: system32\DRIVERS\compbatt.sys (system)
COM+ System Application: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cpqarray: system32\DRIVERS\cpqarray.sys (system)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
dac2w2k: system32\DRIVERS\dac2w2k.sys (system)
dac960nt: system32\DRIVERS\dac960nt.sys (system)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Disk Driver: system32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
dpti2o: system32\DRIVERS\dpti2o.sys (system)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
DrvFltIp: \??\C:\Program Files\Internet Lock For LAN (Win-NT or higher)\DrvFltIp.sys (manual start)
drvmcdb: system32\drivers\drvmcdb.sys (system)
drvnddm: system32\drivers\drvnddm.sys (autostart)
Intel® PRO Adapter Driver: system32\DRIVERS\e100b325.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)
ewido security suite control: C:\Program Files\ewido anti-malware\ewidoctrl.exe (autostart)
ewido security suite driver: \??\C:\Program Files\ewido anti-malware\guard.sys (system)
ewido security suite guard: C:\Program Files\ewido anti-malware\ewidoguard.exe (disabled)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Fax: %systemroot%\system32\fxssvc.exe (autostart)
Floppy Disk Controller Driver: system32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: system32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\DRIVERS\fltMgr.sys (system)
Application Accelerator: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
FsVga: system32\DRIVERS\fsvga.sys (system)
Volume Manager Driver: system32\DRIVERS\ftdisk.sys (system)
GEAR CDRom Filter: SYSTEM32\DRIVERS\GEARAspiWDM.sys (manual start)
Generic Packet Classifier: system32\DRIVERS\msgpc.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (manual start)
hpn: system32\DRIVERS\hpn.sys (system)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i2omp: system32\DRIVERS\i2omp.sys (system)
i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (system)
ialm: system32\DRIVERS\ialmnt5.sys (manual start)
InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start)
CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\system32\imapi.exe (manual start)
ini910u: system32\DRIVERS\ini910u.sys (system)
IntelIde: system32\DRIVERS\intelide.sys (system)
Intel Processor Driver: system32\DRIVERS\intelppm.sys (system)
IPv6 Windows Firewall Driver: system32\DRIVERS\Ip6Fw.sys (manual start)
IP Traffic Filter Driver: system32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: system32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start)
iPodService: C:\Program Files\iPod\bin\iPodService.exe (manual start)
IPSEC driver: system32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: system32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: system32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Logitech USB Monitor Filter: system32\drivers\lvusbsta.sys (manual start)
AEGIS Protocol (IEEE 802.1x) v2.3.1.7: system32\DRIVERS\mdc8021x.sys (autostart)
Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\system32\mnmsrvc.exe (manual start)
Mouse Class Driver: system32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: system32\DRIVERS\mouhid.sys (manual start)
mraid35x: system32\DRIVERS\mraid35x.sys (system)
WebDav Client Redirector: system32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: system32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: system32\DRIVERS\mssmbios.sys (manual start)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
NABTS/FEC VBI Codec: system32\DRIVERS\NABTSFEC.sys (manual start)
Microsoft TV/Video Connection: system32\DRIVERS\NdisIP.sys (manual start)
Remote Access NDIS TAPI Driver: system32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: system32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: system32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: system32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\system32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Network Location Awareness (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Network Monitor Driver: system32\DRIVERS\NMnt.sys (manual start)
npkcrypt: \??\C:\Program Files\Gravity\RO\npkcrypt.sys (manual start)
NPPTNT2: \??\C:\WINDOWS\system32\npptNT2.sys (system)
NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nv: system32\DRIVERS\nv4_mini.sys (manual start)
NVIDIA PORT IO Control Driver: \??\C:\WINDOWS\system32\Drivers\nvport.sys (system)
IPX Traffic Filter Driver: system32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: system32\DRIVERS\nwlnkfwd.sys (manual start)
OMCI WDM Device Driver: system32\DRIVERS\omci.sys (system)
PACSPTISVR: C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe (manual start)
Parallel port driver: system32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: system32\DRIVERS\pci.sys (system)
PCIIde: system32\DRIVERS\pciide.sys (system)
Pcmcia: system32\DRIVERS\pcmcia.sys (system)
perc2: system32\DRIVERS\perc2.sys (system)
perc2hib: system32\DRIVERS\perc2hib.sys (system)
Padus ASPI Shell: system32\drivers\pfc.sys (manual start)
Logitech QuickCam Express(PID_0928): system32\DRIVERS\LV561AV.SYS (manual start)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)
WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: system32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: system32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\Drivers\PxHelp20.sys (system)
ql1080: system32\DRIVERS\ql1080.sys (system)
Ql10wnt: system32\DRIVERS\ql10wnt.sys (system)
ql12160: system32\DRIVERS\ql12160.sys (system)
ql1240: system32\DRIVERS\ql1240.sys (system)
ql1280: system32\DRIVERS\ql1280.sys (system)
Remote Access Auto Connection Driver: system32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: system32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: system32\DRIVERS\raspti.sys (manual start)
Rdbss: system32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: system32\DRIVERS\rdpdr.sys (manual start)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: system32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
Remote Procedure Call (RPC) Locator: %SystemRoot%\system32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: system32\DRIVERS\secdrv.sys (autostart)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: system32\DRIVERS\serenum.sys (manual start)
Serial port driver: system32\DRIVERS\serial.sys (system)
High-Capacity Floppy Disk Drive: system32\DRIVERS\sfloppy.sys (manual start)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SIS AGP Bus Filter: system32\DRIVERS\sisagp.sys (system)
BDA Slip De-Framer: system32\DRIVERS\SLIP.sys (manual start)
Sony Digital Imaging Video2: system32\DRIVERS\sonypvs1.sys (manual start)
Sparrow: system32\DRIVERS\sparrow.sys (system)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
Sony SPTI Service: C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe (manual start)
System Restore Filter Driver: system32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Srv: system32\DRIVERS\srv.sys (manual start)
sscdbhk5: system32\drivers\sscdbhk5.sys (system)
SSDP Discovery Service: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
ssrtln: system32\drivers\ssrtln.sys (system)
Audio Driver (WDM) - SigmaTel CODEC: system32\drivers\stac97.sys (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)
BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start)
StyleXPHelper: \??\C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe (system)
StyleXPService: "C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe" (autostart)
Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{A445BD1E-49EE-4607-B370-5CCA447377C4} (manual start)
symc810: system32\DRIVERS\symc810.sys (system)
symc8xx: system32\DRIVERS\symc8xx.sys (system)
sym_hi: system32\DRIVERS\sym_hi.sys (system)
sym_u3: system32\DRIVERS\sym_u3.sys (system)
Synaptics TouchPad Driver: system32\DRIVERS\SynTP.sys (manual start)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: system32\DRIVERS\tcpip.sys (system)
Microsoft IPv6 Protocol Driver: system32\DRIVERS\tcpip6.sys (system)
Terminal Device Driver: system32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
tfsnboio: system32\dla\tfsnboio.sys (autostart)
tfsncofs: system32\dla\tfsncofs.sys (autostart)
tfsndrct: system32\dla\tfsndrct.sys (autostart)
tfsndres: system32\dla\tfsndres.sys (autostart)
tfsnifs: system32\dla\tfsnifs.sys (autostart)
tfsnopio: system32\dla\tfsnopio.sys (autostart)
tfsnpool: system32\dla\tfsnpool.sys (autostart)
tfsnudf: system32\dla\tfsnudf.sys (autostart)
tfsnudfa: system32\dla\tfsnudfa.sys (autostart)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TosIde: system32\DRIVERS\toside.sys (system)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Microsoft Tun Miniport Adapter Driver: system32\DRIVERS\tunmp.sys (manual start)
ultra: system32\DRIVERS\ultra.sys (system)
Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
Microcode Update Driver: system32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
USB Audio Driver (WDM): system32\drivers\usbaudio.sys (manual start)
Microsoft USB Generic Parent Driver: system32\DRIVERS\usbccgp.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)
Microsoft USB Standard Hub Driver: system32\DRIVERS\usbhub.sys (manual start)
USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: system32\DRIVERS\usbuhci.sys (manual start)
User Privilege Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
VIA AGP Bus Filter: system32\DRIVERS\viaagp.sys (system)
ViaIde: system32\DRIVERS\viaide.sys (system)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: system32\DRIVERS\wanarp.sys (manual start)
WAN Miniport (ATW): system32\DRIVERS\wanatw4.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
WLTRYSVC: %SystemRoot%\System32\WLTRYSVC.EXE %SystemRoot%\System32\bcmwltry.exe (disabled)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)
Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (disabled)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
World Standard Teletext Codec: system32\DRIVERS\WSTCODEC.SYS (manual start)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
xmasbus: system32\DRIVERS\xmasbus.sys (system)
xmasscsi: System32\Drivers\xmasscsi.sys (system)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\DOCUME~1\KevinKo\LOCALS~1\Temp\StyleXPServicenssi0.exe||C:\DOCUME~1\KevinKo\LOCALS~1\Temp\StyleXPnssi0.exe|||e

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
UPnPMonitor: C:\WINDOWS\system32\upnpui.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

End of report, 38,408 bytes
Report generated in 0.390 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
LoPhatPhuud
Look2ME Destroyer has a log file. As requested in my prior post, please post the log file in this thread.

I need to see that log before I do anything else.
sagaemia
Look2Me-Destroyer V1.0.10

Scanning for infected files.....
Scan started at 2006/3/12 ?? 07:40:03


Attempting to delete infected files...

Making registry repairs.


Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded
LoPhatPhuud
First:
Launch Notepad.
Copy/paste the text in the box below into a new text file.
Save it as fixme.reg on your Desktop

CODE
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winfyl32]



Locate fixme.reg on your Desktop and double-click on it.

You will receive a prompt similar to: "Do you wish to merge the information into the registry?".

Answer 'Yes' and wait for a message to appear similar to "Merged Successfully".


Second:
Reboot in Safe Mode* and run HiJackThis. <-- IMPORTANT

Check the following items in HijackThis.
(note: If any R* items marked for deletion do not appear in Safe Mode, re-run HiJackThis in Normal Mode and remove them after you finish removing these items.)
O4 - HKLM\..\Run: [?? ?"h'??T3r?WC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dhneomt.exe
O4 - HKCU\..\Run: [Sen] "C:\WINDOWS\PPATCH~1\ping.exe" -vt yax
O4 - HKCU\..\Run: [Ybpoe] C:\WINDOWS\?ppPatch\s?anregw.exe

O8 - Extra context menu item: 发送到手机 - C:\Program Files\xBar\xBar.htm
O8 - Extra context menu item: 使用KuGoo3下载(&K) - C:\Program Files\KuGoo3\KuGoo3DownX.htm

O20 - Winlogon Notify: winfyl32 - C:\WINDOWS\SYSTEM32\winfyl32.dll

Close all windows except HijackThis and click Fix checked.


While still in Safe Mode*, delete the following: (you may need to show hidden files**)
(Files specified without a full path will be located in C:\Windows\ or C:\Windows\System32\)
C:\WINDOWS\dhneomt.exe
C:\WINDOWS\PPATCH~1\ <--delete entire folder
C:\WINDOWS\?ppPatch\ <--delete entire folder
C:\Program Files\xBar\ <--delete entire folder
C:\Program Files\KuGoo3\ <--delete entire folder
C:\WINDOWS\SYSTEM32\winfyl32.dll

*How to Boot into Safe mode: http://service1.symantec.com/SUPPORT/tsgen...001052409420406
**Show Hidden and System files and folders: http://www.xtra.co.nz/help/0,,4155-1916458,00.html

Also, uncheck the boxes for hiding known file extensions and hiding protected operating system files. We want to see it all. When we finish here, it would be a good idea to rehide the protected operating system files but leave the rest to be shown.

Reboot in normal mode

Run HiJackThis again and post a new log in this thread.
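As an added example (not from this thread, nor from HijackThis or Look2Me-Destroyer), the script below reads HijackThis-style O2/O4/O20 lines like the ones listed in the post above and applies the kind of checks a helper applies by eye: a garbled or unprintable value name, a file sitting directly in the Windows or drive root or in a Temp folder, a BHO registered without a name, and any Winlogon Notify DLL at all, since that key loads code into winlogon.exe at every logon. For a flagged Notify entry it emits the same REGEDIT4 deletion fragment the post uses. The sample lines are constructed from the thread, the heuristics are assumptions for illustration, and the `[Sen]` entry deliberately passes them, which is why the manual review in this thread still matters.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample input: HijackThis-style lines copied from the thread above,
# plus one benign O4 entry (iTunesHelper) so the triage has something to wave through.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {172A43F5-A961-8BEC-4FE2-A9BFA8F6DE9E} - C:\WINDOWS\system32\jrkxo.dll
O4 - HKLM\..\Run: [?? ?"h'??T3r?WC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dhneomt.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sen] "C:\WINDOWS\PPATCH~1\ping.exe" -vt yax
O4 - HKCU\..\Run: [Ybpoe] C:\WINDOWS\?ppPatch\s?anregw.exe
O20 - Winlogon Notify: winfyl32 - C:\WINDOWS\SYSTEM32\winfyl32.dll
"""


@dataclass
class Entry:
    kind: str            # "O2" (BHO), "O4" (Run value) or "O20" (Winlogon Notify)
    name: str            # BHO name, Run value name, or Notify subkey name
    path: str            # executable or DLL the entry loads
    raw: str             # the original log line
    reasons: List[str] = field(default_factory=list)


# Line shapes as HijackThis 1.99 prints them (assumed from the log lines on this page).
O2_RE = re.compile(r'^O2 - BHO: (?P<name>.*) - \{[0-9A-Fa-f-]+\} - (?P<path>.*)$')
O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>.*?)\] (?P<cmd>.*)$')
O20_RE = re.compile(r'^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$')

TEMP_RE = re.compile(r'\\temp\\', re.I)                  # ...\Local Settings\Temp\...
ROOT_RE = re.compile(r'^[A-Z]:(\\WINDOWS)?$', re.I)      # drive root or C:\WINDOWS itself


def executable_of(cmd: str) -> str:
    """Pull the program path out of a Run command line, dropping any arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r'(.*?\.(?:exe|dll|scr|com))(?:\s|$)', cmd, re.I)
    return m.group(1) if m else cmd.split(' ')[0]


def parse(log: str) -> List[Entry]:
    """Parse O2/O4/O20 lines; other HijackThis sections are ignored."""
    entries: List[Entry] = []
    for line in log.splitlines():
        line = line.rstrip()
        if m := O2_RE.match(line):
            entries.append(Entry("O2", m["name"], m["path"], line))
        elif m := O4_RE.match(line):
            entries.append(Entry("O4", m["name"], executable_of(m["cmd"]), line))
        elif m := O20_RE.match(line):
            entries.append(Entry("O20", m["name"], m["path"], line))
    return entries


def triage(entry: Entry) -> Entry:
    """Attach human-readable reasons; the heuristics are illustrative, not a verdict."""
    if entry.kind == "O20":
        entry.reasons.append("Winlogon Notify DLL: loaded into winlogon.exe at every logon, "
                             "rarely legitimate for third-party software")
    if entry.kind == "O2" and entry.name == "(no name)":
        entry.reasons.append("BHO registered without a name")
    if "?" in entry.name or not entry.name.isascii() or not entry.name.isprintable():
        entry.reasons.append("garbled or unprintable value name")
    if "?" in entry.path or not entry.path.isascii():
        entry.reasons.append("path contains lookalike or unprintable characters")
    folder = entry.path.rsplit("\\", 1)[0]
    if ROOT_RE.match(folder):
        entry.reasons.append("file sits directly in the Windows or drive root rather than a program folder")
    if TEMP_RE.search(entry.path):
        entry.reasons.append("runs from a Temp folder")
    return entry


def suspicious(log: str) -> List[Entry]:
    """Entries with at least one reason, in log order."""
    return [e for e in (triage(e) for e in parse(log)) if e.reasons]


def notify_removal_reg(entry: Entry) -> str:
    """REGEDIT4 fragment deleting a Winlogon Notify subkey, the form used in the post above."""
    if entry.kind != "O20":
        raise ValueError("only Winlogon Notify entries map to this key")
    return ("REGEDIT4\n\n[-HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion"
            "\\Winlogon\\Notify\\" + entry.name + "]\n")


if __name__ == "__main__":
    for e in suspicious(SAMPLE_LOG):
        print(e.raw)
        for r in e.reasons:
            print("   -", r)
        if e.kind == "O20":
            print(notify_removal_reg(e))
```

Run it as-is to see the four flagged entries from the sample; to triage a real log, pass the full HijackThis text to `suspicious()`. Anything it flags is a candidate for the kind of review done in this thread, not an automatic fix.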
sagaemia
cannot find the following, even with show hidden files:
-C:\WINDOWS\dhneomt.exe
-C:\WINDOWS\PPATCH~1\
-C:\WINDOWS\?ppPatch\
-C:\Program Files\xBar\
sagaemia
Logfile of HijackThis v1.99.1
Scan saved at 11:26:57 PM, on 3/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Daily Weather Forecast\weather.exe
C:\Program Files\AIM\aim.exe
C:\winstall.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\KevinKo\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com.tw/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
O2 - BHO: (no name) - {172A43F5-A961-8BEC-4FE2-A9BFA8F6DE9E} - C:\WINDOWS\system32\jrkxo.dll
O4 - HKLM\..\Run: [?? ?"h'??T3r?WC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dhneomt.exe
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1138168184\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O8 - Extra context menu item: ???? - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/246
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
sagaemia
Please help me. My computer has been acting weird lately; it kept popping up this message window saying that my computer is infected, and ads kept popping up.
LoPhatPhuud
I am almost at the point of suggesting you reformat and re-install. Back up any data you need saved in the event this becomes a necessity. It is possible that your system is so severely compromised that nothing we can do will clean it. Some entries refuse to remove yet there is no reason for this behavior. I want to check for startup entries that may be hiding in unusual locations. Then it may be necessary to do some manual registry editing to remove certain entries.

First is the startup list:

Please download SilentRunners from here:
http://www.silentrunners.org/Silent%20Runners.zip

Unzip it to the desktop and double-click on it.
Silent Runners will ask if you want to skip the supplementary search.
Please select 'No' to include them. The program will take longer to run, but will give us more information.

If you get any kind of warning message about scripts, please choose to allow the script to run.

When the scan is finished, a message will pop up and a logfile will have been created on the desktop.
The logfile is named 'Startup Programs' by default and will be located where the program is.

Please post the entire contents of this logfile for me to see.
sagaemia
"Silent Runners.vbs", revision 44, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"AIM" = "C:\Program Files\AIM\aim.exe -cnetwait.odl" ["America Online, Inc."]
"LogitechSoftwareUpdate" = ""C:\Program Files\Logitech\Video\ManifestEngine.exe" boot" ["Logitech Inc."]
"Windows installer" = "C:\winstall.exe" [null data]
"Sen" = ""C:\WINDOWS\PPATCH~1\ping.exe" -vt yax" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"(Default)" = (empty string)
"??**"h'??T3r*WC:\Program Files\ISTsvc\istsvc.exe" (unwritable string) = "C:\WINDOWS\dhneomt.exe" [file not found]
"YLive.exe" = "C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe" [file not found]
"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"HostManager" = "C:\Program Files\Common Files\AOL\1138168184\ee\AOLSoftware.exe" [file not found]
"LVCOMSX" = "C:\WINDOWS\system32\LVCOMSX.EXE" ["Logitech Inc."]
"LogitechVideoRepair" = "C:\Program Files\Logitech\Video\ISStart.exe " ["Logitech Inc."]
"LogitechVideoTray" = "C:\Program Files\Logitech\Video\LogiTray.exe" ["Logitech Inc."]
"Daily Weather Forecast" = "C:\Program Files\Daily Weather Forecast\weather.exe" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{172A43F5-A961-8BEC-4FE2-A9BFA8F6DE9E}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\jrkxo.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension"
-> {HKLM...CLSID} = "UnlockerShellExtension"
\InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\shellhook.dll" ["TODO: <Firmenname>"]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
LoPhatPhuud
That is not a complete Silent Runners log. It will need to be run again, but wait until I ask for it in these instructions.


First:
Start -> Run -> regedit

When regedit is open, navigate to this key:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Look for the following: ??**"h'??T3r*WC:\Program Files\ISTsvc\istsvc.exe
(the asterisks are placeholders only and the actual value will be different)
Right Click on the value, then select 'Delete'
Acknowledge the delete and close regedit.


Second:
Launch Notepad, and copy/paste the text in the box below into a new text file.
Save it on your Desktop as fixme.reg

CODE
Windows Registry Editor Version 5.00

; The HijackThis and Silent Runners logs above list these two values under
; HKCU\..\Run, not HKLM, so the key must be HKEY_CURRENT_USER for "=-" to delete them.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows installer"=-
"Sen"=-

Locate fixme.reg on your Desktop and double-click on it.

You will receive a prompt similar to: "Do you wish to merge the information into the registry?".
Answer 'Yes' and wait for a message to appear similar to "Merged Successfully".


Third:
Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.



Fourth:
Check the following items in HijackThis.

O2 - BHO: (no name) - {172A43F5-A961-8BEC-4FE2-A9BFA8F6DE9E} - C:\WINDOWS\system32\jrkxo.dll

Close all windows except HijackThis and click Fix checked.

Reboot in normal mode

Delete the following file:
C:\winstall.exe


Run HiJackThis again and post a new log in this thread.


Last:
Run Silent Runners again, according to my previous instructions and post the log in this thread. Be sure to post the whole log.
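The two registry steps above (deleting a value by hand in regedit, then merging a .reg file that uses the "name"=- syntax, which is also what the merge prompt at the top of this page is about) can be scripted from the HijackThis O4 lines themselves. The block below is an added example, not code from this thread, from HijackThis or from Silent Runners: it takes O4 lines in the shape quoted above, groups them by registry key, emits a fixme.reg that deletes each value, and for a value whose name the log cannot reproduce (HijackThis prints ? for characters it cannot display, and Silent Runners marks the same value "(unwritable string)") it writes a comment asking for manual deletion instead of a delete line that would never match. The sample lines are constructed from the logs in this thread, and the "representable name" check is a heuristic chosen for this example, not a HijackThis rule.

```python
import re

# Constructed sample: O4 lines in the shape of the HijackThis logs in this thread.
SAMPLE_O4 = [
    r"O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe",
    r'O4 - HKCU\..\Run: [Sen] "C:\WINDOWS\PPATCH~1\ping.exe" -vt yax',
    r'''O4 - HKLM\..\Run: [?? ?"h'??T3r?WC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\dhneomt.exe''',
]

# "O4 - HKCU\..\Run: [value name] command line"
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.*)\] (.*)$")
HIVE = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
RUN_BASE = r"SOFTWARE\Microsoft\Windows\CurrentVersion"


def parse_o4(line):
    """Return (full key, value name, command) for an O4 line, else None."""
    m = O4_RE.match(line)
    if not m:
        return None
    hive, subkey, name, command = m.groups()
    return f"{HIVE[hive]}\\{RUN_BASE}\\{subkey}", name, command


def name_is_representable(name):
    # Heuristic: HijackThis substitutes '?' for characters it cannot display,
    # so a name containing '?' or any non-printable/non-ASCII character is not
    # something the log lets us reproduce byte for byte.
    return all(32 <= ord(c) < 127 and c != "?" for c in name)


def reg_quote(name):
    # .reg syntax: backslash and double quote inside a quoted name are escaped.
    return '"' + name.replace("\\", "\\\\").replace('"', '\\"') + '"'


def build_reg(o4_lines):
    """Return (reg file text, [(key, name, command) needing manual deletion])."""
    by_key = {}
    manual = []
    for line in o4_lines:
        parsed = parse_o4(line)
        if parsed is None:
            continue
        key, name, command = parsed
        if not name_is_representable(name):
            manual.append((key, name, command))
            continue
        by_key.setdefault(key, []).append(name)
    out = ["Windows Registry Editor Version 5.00", ""]
    for key, names in by_key.items():
        out.append(f"[{key}]")
        for name in names:
            out.append(f"{reg_quote(name)}=-")  # "=-" deletes the value
        out.append("")
    for key, name, command in manual:
        # regedit ignores lines that start with ';'
        out.append(f"; MANUAL: in {key} delete the value whose data is {command}")
        out.append(f";         (logged name {name!r} cannot be reproduced from the log)")
    return "\r\n".join(out), manual


if __name__ == "__main__":
    text, manual = build_reg(SAMPLE_O4)
    print(text)
    print(f"{len(manual)} value(s) must be deleted by hand in regedit")
```

Save the returned text as fixme.reg and merge it exactly as the post describes; the header line must stay first, and the lines beginning with ";" are comments that regedit skips, so the file is still a valid import even when it carries manual-deletion notes.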
sagaemia
"Silent Runners.vbs", revision 44, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"AIM" = "C:\Program Files\AIM\aim.exe -cnetwait.odl" ["America Online, Inc."]
"LogitechSoftwareUpdate" = ""C:\Program Files\Logitech\Video\ManifestEngine.exe" boot" ["Logitech Inc."]
"Windows installer" = "C:\winstall.exe" [null data]
"Sen" = ""C:\WINDOWS\PPATCH~1\ping.exe" -vt yax" [null data]
"Zhvdny" = "C:\Program Files\Common Files\W*nSxS\c*rss.exe" (unwritable string) [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"(Default)" = (empty string)
"YLive.exe" = "C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe" [file not found]
"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"HostManager" = "C:\Program Files\Common Files\AOL\1138168184\ee\AOLSoftware.exe" [file not found]
"LVCOMSX" = "C:\WINDOWS\system32\LVCOMSX.EXE" ["Logitech Inc."]
"LogitechVideoRepair" = "C:\Program Files\Logitech\Video\ISStart.exe " ["Logitech Inc."]
"LogitechVideoTray" = "C:\Program Files\Logitech\Video\LogiTray.exe" ["Logitech Inc."]
"Daily Weather Forecast" = "C:\Program Files\Daily Weather Forecast\weather.exe" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{412C11AE-AC3E-DEEF-4FE2-A9BFA8F6D193}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\gdkxorjc.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension"
-> {HKLM...CLSID} = "UnlockerShellExtension"
\InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\shellhook.dll" ["TODO: <Firmenname>"]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {HKLM...CLSID} = "Ctest Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\context.dll" ["ewido networks"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {HKLM...CLSID} = "Ctest Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\context.dll" ["ewido networks"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"
-> {HKLM...CLSID} = "UnlockerShellExtension"
\InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Group Policies [Description]:
-----------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
HIJACK WARNING! "ForceActiveDesktopOn"=dword:00000001
[enables Active Desktop and prevents disabling it]

"Wallpaper" = (value not set)
[disables the Display Properties|Desktop (tab) (except the "Customize
Desktop..." button); selects wallpaper if Active Desktop is enabled]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop enabled via Group Policy.

Wallpaper selected via Group Policy.


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\

HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\
"SCRNSAVE.EXE" = "C:\WINDOWS\MATRIX~1.SCR" (Matrix Code.scr) ["MacSourcery"]


Startup items in "KevinKo" & "All Users" startup folders:
---------------------------------------------------------

C:\Documents and Settings\KevinKo\Start Menu\Programs\Startup
"Trillian" -> shortcut to: "C:\Program Files\Trillian\trillian.exe" ["Cerulean Studios"]


Enabled Scheduled Tasks:
------------------------

"ISP signup reminder 1" -> launches: "C:\WINDOWS\system32\OOBE\OOBEBALN.EXE /sys /i /n:1" [MS]
"McAfee.com Scan for Viruses - My Computer (KEVIN-KevinKo)" -> launches: "c:\program files\mcafee.com\vso\mcmnhdlr.exe /runtask:0" [file not found]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 26
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Application Accelerator, Framework, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\system\ntstub.dll" [MS]}
ewido security suite control, ewido security suite control, "C:\Program Files\ewido anti-malware\ewidoctrl.exe" ["ewido networks"]
HTTP SSL, HTTPFilter, "C:\WINDOWS\System32\svchost.exe -k HTTPFilter" {"C:\WINDOWS\System32\w3ssl.dll" [MS]}
iPodService, iPodService, "C:\Program Files\iPod\bin\iPodService.exe" ["Apple Computer, Inc."]
IPv6 Helper Service, 6to4, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\6to4svc.dll" [MS]}
StyleXPService, StyleXPService, ""C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe"" [empty string]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 107 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 33 seconds.
---------- (total run time: 185 seconds)
sagaemia
Logfile of HijackThis v1.99.1
Scan saved at 10:43:44 PM, on 3/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Daily Weather Forecast\weather.exe
C:\Program Files\AIM\aim.exe
C:\winstall.exe
C:\WINDOWS\PPATCH~1\ping.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\W?nSxS\c?rss.exe
C:\Documents and Settings\KevinKo\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com.tw/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
O2 - BHO: (no name) - {412C11AE-AC3E-DEEF-4FE2-A9BFA8F6D193} - C:\WINDOWS\system32\gdkxorjc.dll
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1138168184\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [Sen] "C:\WINDOWS\PPATCH~1\ping.exe" -vt yax
O4 - HKCU\..\Run: [Zhvdny] C:\Program Files\Common Files\W?nSxS\c?rss.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O8 - Extra context menu item: ???? - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/246
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
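Several of the entries picked out of the logs in this thread share a pattern that a triage script can catch before a human reads the log: a file name that differs from a Windows system binary only by an undisplayable character (c?rss.exe, sitting in a folder named W?nSxS outside the Windows directory), a system binary name in the wrong folder (PPATCH~1\ping.exe), an executable in the drive root (C:\winstall.exe) or directly in C:\WINDOWS. The block below is an added example, not part of the thread, of HijackThis or of Silent Runners; it runs those checks over a handful of lines copied from the logs above and embedded as constructed sample input. The lists of system names and the location rules are heuristics chosen for this example and produce review items, not verdicts.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: lines copied in shape from the HijackThis logs in this
# thread (the odd HKLM value name is shortened).
SAMPLE_LOG = [
    r"C:\WINDOWS\System32\smss.exe",
    r"C:\WINDOWS\system32\ctfmon.exe",
    r"C:\WINDOWS\Explorer.EXE",
    r"C:\Program Files\iTunes\iTunesHelper.exe",
    r"C:\winstall.exe",
    r"C:\WINDOWS\PPATCH~1\ping.exe",
    r"C:\Program Files\Common Files\W?nSxS\c?rss.exe",
    r"O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl",
    r"O4 - HKLM\..\Run: [?? ?T3r?W] C:\WINDOWS\dhneomt.exe",
]

# Names malware borrows; an assumption for this example, not a HijackThis rule.
SYSTEM_BINARIES = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "spoolsv.exe", "ctfmon.exe", "wuauclt.exe", "ping.exe",
}
SYSTEM_DIRS = {"system32", "winsxs"}
WINDOWS_ROOT_OK = {"explorer.exe"}  # legitimately lives directly in C:\WINDOWS

PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"]*?\.(?:exe|dll|scr))"?', re.I)


def extract_path(line):
    """Executable path from a 'Running processes' line or an O4 line."""
    if line.startswith("O4 - "):
        line = line.split("] ", 1)[-1]  # drop 'O4 - HKxx\..\Run: [name]'
    m = PATH_RE.search(line)
    return m.group(1) if m else None


def placeholder_regex(name):
    # HijackThis prints '?' (Silent Runners '*') where a character could not be
    # displayed; treat either as "any single character" when comparing names.
    return re.compile("".join("." if c in "?*" else re.escape(c) for c in name), re.I)


def lookalikes(name, candidates):
    rx = placeholder_regex(name)
    return sorted(c for c in candidates if rx.fullmatch(c))


def triage(lines):
    """Return [(path, [reason, ...]), ...] for lines that deserve a look."""
    findings = []
    for line in lines:
        path = extract_path(line)
        if not path:
            continue
        p = PureWindowsPath(path)
        parts = [s.lower() for s in p.parts]  # ('c:\\', 'windows', ...)
        base, parent = p.name.lower(), p.parent.name.lower()
        in_windows = len(parts) > 2 and parts[1] == "windows"
        reasons = []
        if any(c in "?*" for c in path):
            reasons.append("non-displayable characters in path")
        for hit in lookalikes(base, SYSTEM_BINARIES):
            if parent != "system32":
                reasons.append(f"system binary name {hit} outside system32")
        for hit in lookalikes(parent, SYSTEM_DIRS):
            if not in_windows:
                reasons.append(f"folder named like {hit} outside C:\\WINDOWS")
        if len(parts) == 2:
            reasons.append("executable in drive root")
        elif in_windows and len(parts) == 3 and base not in WINDOWS_ROOT_OK:
            reasons.append("executable directly in C:\\WINDOWS (heuristic)")
        if reasons:
            findings.append((path, reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG):
        print(path)
        for r in reasons:
            print("   -", r)
```

Feed it the "Running processes" and O4 sections of a HijackThis log; everything it prints is a candidate for the kind of checking done in this thread (vendor string in Silent Runners, whether the file exists, whether the name is an 8.3 alias for something odd), not a removal list.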
LoPhatPhuud
Something seemed strange when that C:\winstall.exe entry would not remove. A little checking left me feeling more than a little embarrassed. It's part of SpySheriff which takes a special removal and I should have recognized it. This should do it.


Download smitRem.exe and save the file to your desktop.
If you cannot access that link, here is an alternate link: smitRem.exe
Double click on the file to extract it to its own folder on the desktop.

Place a shortcut to Panda ActiveScan on your desktop.

Please download Ewido Anti-Malware trial version.
  • Install Ewido Anti-Malware
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch Ewido, there should be an icon on your desktop double-click it.
  • The program will now go to the main screen
You will need to update Ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido.
Ewido manual updates. Do NOT run a scan yet.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Please download Ad-Aware SE Personal and install it. If you already have Ad-Aware SE, please configure it as indicated below. If you have a previous version of Ad-Aware, please uninstall your current version and install the newest version SE 1.06.
1) Run Ad-Aware, and click Check for updates now.
2) Select Configurations (click the Gear wheel at the top) as follows:
  • General Button > Safety & Settings: Check (Green) all three.
  • Tweak Button > Cleaning Engine > UNcheck "Always try to unload modules before deletion".
Don't run it yet!
Exit Ad-aware.

Next, please reboot your computer in SafeMode by doing the following:
  1. Restart your computer
  2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  3. Instead of Windows loading as normal, a menu should appear
  4. Select the first option, to run Windows in Safe Mode.
==================================================
Run HijackThis, and press "Scan". When the scan is complete place a check mark next to the following entries:

O2 - BHO: (no name) - {412C11AE-AC3E-DEEF-4FE2-A9BFA8F6D193} - C:\WINDOWS\system32\gdkxorjc.dll

O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [Sen] "C:\WINDOWS\PPATCH~1\ping.exe" -vt yax
O4 - HKCU\..\Run: [Zhvdny] C:\Program Files\Common Files\W?nSxS\c?rss.exe



After checking these items CLOSE ALL open windows EXCEPT HijackThis and click "Fix Checked."
===================================================
Close Hijackthis.

Then search for and DELETE the following file(s)/folder(s) IF STILL PRESENT:

C:\winstall.exe
C:\Program Files\Common Files\W?nSxS\c?rss.exe


Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

Open Ad-aware and do a full scan. Remove all it finds.

Run Ewido:
  • Then select "Settings"
  • Under the bottom section "What to Scan?" make sure "Scan every file" is checked.
  • Select "OK" and you will return to scanning options.
  • Click on Complete System Scan and the scan will begin.

    This scan can take quite a while to run, so please be patient.
  • While the scan is in progress, you will be prompted to clean the first infected file it finds.
  • Choose Clean.
  • Then put a check next to 'Perform action on all infections'. Doing this enables the scan to proceed automatically until its completion. Click OK
  • When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again. The best place to save it would probably be your Desktop.
Close Ewido

Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

Reboot back into Windows and click the Panda ActiveScan shortcut.
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report, along with a new HijackThis Log, the contents of smitfiles.txt and the Ewido Log by using Post Reply.
Let us know if any problems persist.

** It could be possible, after reboot, that the system is using the Windows Classic theme again.
To restore this and set it back to the XP theme, right-click on your desktop > Properties > tab Appearance and choose Windows XP style again under Windows and buttons.
Click apply and OK
sagaemia
Incident Status Location

Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt[]
Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\KevinKo\Application Data\Sskcwrd.dll
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\KevinKo\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-5aa0b436-35118732.zip[InstallerApplet.class]
Adware:Adware/CWS.Searchmeup Not disinfected C:\Documents and Settings\KevinKo\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jrl.jar-70b9958a-4bc1cd2e.zip[GetAccess.class]
Adware:Adware/CWS.Searchmeup Not disinfected C:\Documents and Settings\KevinKo\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jrl.jar-70b9958a-4bc1cd2e.zip[Installer.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\KevinKo\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jrl.jar-70b9958a-4bc1cd2e.zip[NewSecurityClassLoader.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\KevinKo\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jrl.jar-70b9958a-4bc1cd2e.zip[NewURLClassLoader.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\KevinKo\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-16042425-6316994a.zip[Beyond.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\KevinKo\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-16042425-6316994a.zip[Dummy.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\KevinKo\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-16042425-6316994a.zip[NudeBox.class]
Virus:Trj/ClassLoader.P Not disinfected C:\Documents and Settings\KevinKo\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-16042425-6316994a.zip[Worker.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\KevinKo\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-16042425-6316994a.zip[VerifierBug.class]
Adware:Adware/SpySheriff Not disinfected C:\Documents and Settings\KevinKo\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-16042425-6316994a.zip[javautil.zip]
Virus:Trj/Downloader.EAA Not disinfected C:\Documents and Settings\KevinKo\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-16042425-6316994a.zip[bot.exe]
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\KevinKo\Cookies\kevinko@888[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\KevinKo\Cookies\kevinko@888[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\KevinKo\Cookies\kevinko@ad.yieldmanager[2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\KevinKo\Cookies\kevinko@adopt.hbmediapro[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\KevinKo\Cookies\kevinko@atdmt[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\KevinKo\Cookies\kevinko@atwola[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\KevinKo\Cookies\kevinko@belnk[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\KevinKo\Cookies\kevinko@casalemedia[2].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\KevinKo\Cookies\kevinko@cassava[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\KevinKo\Cookies\kevinko@dist.belnk[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\KevinKo\Cookies\kevinko@doubleclick[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\KevinKo\Cookies\kevinko@errorsafe[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\KevinKo\Cookies\kevinko@fastclick[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\KevinKo\Cookies\kevinko@realmedia[1].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\KevinKo\Cookies\kevinko@revenue[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\KevinKo\Cookies\kevinko@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\KevinKo\Cookies\kevinko@tribalfusion[1].txt
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\KevinKo\Cookies\kevinko@valueclick[1].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\KevinKo\Cookies\kevinko@winfixer[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\KevinKo\Cookies\kevinko@www.errorsafe[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\KevinKo\Cookies\kevinko@zedo[2].txt
Virus:Trj/Downloader.MO Not disinfected C:\Documents and Settings\KevinKo\Desktop\backups\backup-20060210-181245-151.inf
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\KevinKo\Desktop\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\KevinKo\Desktop\smitRem.exe[Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\KevinKo\Local Settings\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\Cache\3EFBEAA3d01[Process.exe]
Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\Daily Weather Forecast\weather.exe
Spyware:Spyware/Media-motor Not disinfected C:\WINDOWS\Downloaded Program Files\m67m.inf
Potentially unwanted tool:application/winfixer2005 Not disinfected C:\WINDOWS\Downloaded Program Files\UWFX5_0001_N63M2912NetInstaller.exe
Adware:Adware/ConsumerAlertSystem Not disinfected C:\WINDOWS\pf78.exe
Spyware:Cookie/Belnk Not disinfected C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\system@belnk[1].txt
Spyware:Cookie/Belnk Not disinfected C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\system@dist.belnk[2].txt
Spyware:Cookie/empnads Not disinfected C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\system@empnads[2].txt
Spyware:Cookie/Rn11 Not disinfected C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\system@rn11[2].txt
Adware:adware program Not disinfected C:\WINDOWS\SYSTEM32\data.~
Adware:adware/iedriver Not disinfected C:\WINDOWS\SYSTEM32\Searchx.htm
sagaemia
Logfile of HijackThis v1.99.1
Scan saved at 11:27:37 PM, on 3/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Daily Weather Forecast\weather.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\KevinKo\LOCALS~1\Temp\16197.exe
C:\Documents and Settings\KevinKo\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com.tw/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1138168184\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O8 - Extra context menu item: ???? - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/246
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
sagaemia
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 9:57:08 PM, 3/18/2006
+ Report-Checksum: 6C3B933D

+ Scan result:

:mozilla.14:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.15:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.16:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.17:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.18:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.19:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.20:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.25:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.26:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.27:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.28:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.29:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.30:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.31:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.32:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.34:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.36:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.37:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.38:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.39:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.40:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.41:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.42:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.45:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.46:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.47:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.49:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.50:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.51:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.52:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.53:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.94:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.105:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.106:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.109:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.110:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.111:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.112:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.113:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.114:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.115:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.116:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.117:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.118:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.119:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.120:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.121:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.132:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.133:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.134:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.135:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.136:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.137:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.152:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.153:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.165:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.166:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.167:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.168:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.170:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
:mozilla.180:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.183:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.184:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.185:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.229:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.231:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.232:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.233:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.236:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.237:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.238:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.239:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.240:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.280:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.281:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.294:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.295:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.296:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.297:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.299:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.300:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.309:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.327:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.328:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.329:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.330:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.331:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.343:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.344:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.345:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.346:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.347:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.353:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.359:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.360:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
:mozilla.361:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.372:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.373:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.374:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.375:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.376:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.381:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.387:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.388:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.389:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.394:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.395:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.396:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.402:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup
:mozilla.416:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup
:mozilla.482:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.483:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.486:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.487:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.488:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.489:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.490:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.491:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.513:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.519:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.520:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\KevinKo\Cookies\kevinko@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\KevinKo\Cookies\kevinko@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\KevinKo\Cookies\kevinko@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\KevinKo\Cookies\kevinko@ads1.revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\KevinKo\Cookies\kevinko@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\KevinKo\Cookies\kevinko@hypertracker[1].txt -> TrackingCookie.Hypertracker : Cleaned with backup
C:\Documents and Settings\KevinKo\Cookies\kevinko@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\KevinKo\Cookies\kevinko@paypopup[1].txt -> TrackingCookie.Paypopup : Cleaned with backup
C:\Documents and Settings\KevinKo\Cookies\kevinko@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\KevinKo\Cookies\kevinko@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\KevinKo\Desktop\backups\backup-20060316-222846-597.dll -> Adware.PurityScan : Cleaned with backup
C:\Documents and Settings\KevinKo\Desktop\backups\backup-20060318-154439-334.dll -> Adware.PurityScan : Cleaned with backup
C:\Program Files\Quiinzip\Cache\000066bb_44137b6f_0009d7f3 -> Downloader.IstBar.j : Cleaned with backup
C:\WINDOWS\SYSTEM32\dfrgsrv.exe -> Downloader.Zlob.in : Cleaned with backup
C:\WINDOWS\SYSTEM32\ginuerep.dll -> Not-A-Virus.Hoax.Win32.Renos.bv : Cleaned with backup
C:\WINDOWS\ΑрpPatch\ping.exe -> Downloader.PurityScan.w : Cleaned with backup


::Report End
sagaemia
smitRem © log file
version 2.8

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
The current date is: Sat 03/18/2006
The current time is: 15:47:50.15

Running from
C:\Documents and Settings\KevinKo\Desktop\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~

SpySheriff


~~~ Shortcuts ~~~

Install.dat


~~~ Favorites ~~~



~~~ system32 folder ~~~

logfiles


~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 872 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~


~~~ Wininet.dll ~~~

CLEAN! :)
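What smitRem is checking in the SharedTaskScheduler export above: every CLSID registered under that key is a COM object Explorer loads at logon through the DLL named in its InProcServer32 key, so a registered entry whose DLL is missing or does not live under System32 is worth a look. The checker below is an added example, not part of the thread nor of the smitRem or GetSTS.exe tools: it parses the pseudo-reg layout GetSTS.exe prints, resolves each registered CLSID to its InProcServer32 path and flags anything outside System32. It assumes the system root is C:\WINDOWS, as in this thread's logs; the all-zero CLSID, its "Windows Security Service" description and C:\WINDOWS\xyzabc.dll are constructed placeholders added only to exercise the check.

```python
import re

SECTION = re.compile(r"^\[(.+)\]$")
STS_VALUE = re.compile(r'^"(\{[0-9A-Fa-f-]+\})"="(.*)"$')
INPROC_KEY = re.compile(r"\\CLSID\\(\{[^}]+\})\\InProcServer32$", re.I)
DEFAULT_VALUE = re.compile(r'^@="(.*)"$')

# Assumption: the system root is C:\WINDOWS, as in the logs in this thread, so a
# server DLL is trusted only under these two spellings of the System32 folder.
TRUSTED_PREFIXES = ("%systemroot%\\system32\\", "c:\\windows\\system32\\")

# Constructed sample in the pseudo-reg layout GetSTS.exe prints: the two
# legitimate browseui.dll entries from the log above, plus one constructed rogue
# entry (placeholder all-zero CLSID, DLL outside System32) to exercise the check.
SAMPLE_EXPORT = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{00000000-0000-0000-0000-000000000000}"="Windows Security Service"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000000}\InProcServer32]
@="C:\WINDOWS\xyzabc.dll"
"""


def audit_shared_task_scheduler(export_text):
    """Return (clsid, description, server_dll, trusted) for each registered CLSID.

    server_dll is None when the CLSID has no InProcServer32 key in the export;
    trusted is False for a missing DLL or one outside System32.
    """
    registered = []   # (clsid, description) in the order the key lists them
    servers = {}      # upper-cased CLSID -> InProcServer32 default value
    current = None
    for raw in export_text.splitlines():
        line = raw.strip()
        sec = SECTION.match(line)
        if sec:
            current = sec.group(1)
            continue
        if current is None or not line:
            continue
        if current.upper().endswith("\\EXPLORER\\SHAREDTASKSCHEDULER"):
            m = STS_VALUE.match(line)
            if m:
                registered.append((m.group(1), m.group(2)))
            continue
        key = INPROC_KEY.search(current)
        if key:
            m = DEFAULT_VALUE.match(line)
            if m:
                servers[key.group(1).upper()] = m.group(1)

    results = []
    for clsid, desc in registered:
        server = servers.get(clsid.upper())
        trusted = server is not None and server.lower().startswith(TRUSTED_PREFIXES)
        results.append((clsid, desc, server, trusted))
    return results


def rogue_entries(results):
    """CLSIDs from audit_shared_task_scheduler() that did not pass the check."""
    return [clsid for clsid, _, _, trusted in results if not trusted]


if __name__ == "__main__":
    for clsid, desc, server, trusted in audit_shared_task_scheduler(SAMPLE_EXPORT):
        print(f"{'OK  ' if trusted else 'LOOK'} {clsid} {desc!r} -> {server}")
```

Run it against a real export by reading the GetSTS.exe output into `audit_shared_task_scheduler()`; a "LOOK" line only says the DLL is not where a stock Windows component would be, so confirm with a file scan before removing anything.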
LoPhatPhuud
First:
Download Killbox from here: http://www.downloads.subratam.org/KillBox.zip
or from here: http://www.atribune.org/downloads/KillBox.exe

Reboot in Safe Mode

This will take a little bit to do, so keep track and don't miss any files.

Open Killbox, click the option 'Delete on Reboot'

Select the following list of file name(s) and copy to the clipboard (ctrl-c):

C:\DOCUME~1\KevinKo\LOCALS~1\Temp\16197.exe
C:\winstall.exe


From the 'File' menu in KillBox, select 'Paste from Clipboard'
Click the red X, to the far right of the Address Bar
Press 'Yes' to the message box that comes up
Press 'Yes' to the next box asking you to reboot.

If your computer does not automatically reboot, then close Killbox and restart your computer.


Second:
Run HiJackThis again and post a new log in this thread.
sagaemia
Logfile of HijackThis v1.99.1
Scan saved at 4:43:46 PM, on 3/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Daily Weather Forecast\weather.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\KevinKo\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com.tw/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1138168184\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O8 - Extra context menu item: ???? - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/246
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
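The entry the helper asks about in the next post, `O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe`, shows the pattern that makes an O4 autorun suspicious: a system-sounding value name whose target sits in the drive root rather than under System32. The script below is an added example, not part of the thread nor of HijackThis, that parses O4 Run lines in the format shown above and applies those checks (drive root, the Windows directory itself, a Temp folder, a Windows/Microsoft/System-style name outside System32). The sample input copies six lines from the log above and adds two constructed lines, a `[svchost]` entry in C:\WINDOWS and a Temp-folder entry reusing the 16197.exe path from the Killbox list, to exercise the other rules. The rules are heuristics, so treat hits as leads to verify, not verdicts.

```python
import re
from pathlib import PureWindowsPath

# O4 autorun lines as HijackThis prints them: hive, value name, command line.
# (O4 - Startup: lines describe Start Menu shortcuts and are not parsed here.)
O4_RUN = re.compile(
    r"^O4 - (HKLM|HKCU|HKUS\\\S+)\\\.\.\\Run(?:Once|Services)?: \[(.*?)\] (.*)$", re.I)
# First executable-looking path in the command line, quoted or not.
EXE_PATH = re.compile(
    r'^"?([A-Za-z]:\\[^"]*?\.(?:exe|dll|scr|com|bat|cmd|pif))', re.I)
# Value names that imitate Windows components; harmless only when the target
# really is a system binary under System32.
SYSTEM_LOOKING_WORDS = ("windows", "microsoft", "system")

# Six lines copied from the HijackThis log above, plus two constructed lines
# (the [svchost] entry and the Temp-folder [Service] entry) to exercise the
# remaining rules.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - HKLM\..\Run: [svchost] C:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [Service] C:\DOCUME~1\KevinKo\LOCALS~1\Temp\16197.exe
"""


def target_path(command):
    """Return the launched executable as a PureWindowsPath, or None."""
    m = EXE_PATH.match(command.strip())
    return PureWindowsPath(m.group(1)) if m else None


def assess(name, path):
    """Return the list of reasons an autorun entry deserves a closer look."""
    parts = [p.lower() for p in path.parts]   # e.g. ['c:\\', 'windows', 'x.exe']
    reasons = []
    if len(parts) == 2:
        reasons.append("executable sits in the drive root")
    if len(parts) == 3 and parts[1] == "windows":
        reasons.append("executable sits directly in the Windows directory, not System32")
    if "temp" in parts:
        reasons.append("executable runs from a Temp folder")
    in_system32 = "system32" in parts
    if not in_system32 and any(w in name.lower() for w in SYSTEM_LOOKING_WORDS):
        reasons.append("value name imitates a Windows component but target is outside System32")
    return reasons


def scan_log(text):
    """Return (hive + value name, path, reasons) for every flagged O4 Run entry."""
    findings = []
    for line in text.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue
        hive, name, command = m.groups()
        path = target_path(command)
        if path is None:
            continue
        reasons = assess(name, path)
        if reasons:
            findings.append((f"{hive} {name}", str(path), reasons))
    return findings


if __name__ == "__main__":
    for entry, path, reasons in scan_log(SAMPLE_LOG):
        print(f"{entry}: {path}")
        for r in reasons:
            print(f"    - {r}")
```

Feed a whole saved HijackThis log to `scan_log()`; the legitimate iTunes, QuickTime, Logitech and ctfmon entries from the log above pass silently, and only the three drive-root, Windows-directory and Temp-folder entries come back with reasons attached.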
LoPhatPhuud
Could you check to see if this file exists? C:\winstall.exe

Also there should be a folder !Killbox or !Submit on C: drive at the root level. Could you zip it and attach to your next post.
sagaemia
I don't know if the file C:\winstall.exe still exists, because I went to search and couldn't find any except in the !killbox folder.

Also, it kept giving this message: "Upload failed. You are not permitted to upload a file with that file extension."

2 hours after this message was posted, C:\winstall.exe came back.
LoPhatPhuud
Let's run the smitRem remover again to see if we can get rid of that c:\winstall.exe for good. Also, did you zip the Killbox folder with XP's native compressor, WinZip, or WinRAR? The board should accept *.zip files but may not accept *.rar files.


Download smitRem.exe and save the file to your desktop.
If you cannot access that link, here is an alternate link: smitRem.exe
Double click on the file to extract it to its own folder on the desktop.

Place a shortcut to Panda ActiveScan on your desktop.

Please download Ewido Anti-Malware trial version.
  • Install Ewido Anti-Malware
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch Ewido; there should be an icon on your desktop, double-click it.
  • The program will now go to the main screen
You will need to update Ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido.
Ewido manual updates. Do NOT run a scan yet.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Please download Ad-Aware SE Personal and install it. If you already have Ad-Aware SE, please configure it as indicated below. If you have a previous version of Ad-Aware, please uninstall your current version and install the newest version SE 1.06.
1) Run Ad-Aware, and click Check for updates now.
2) Select Configurations (click the Gear wheel at the top) as follows:
  • General Button > Safety & Settings: Check (Green) all three.
  • Tweak Button > Cleaning Engine > UNcheck "Always try to unload modules before deletion".
Don't run it yet!
Exit Ad-aware.

Next, please reboot your computer in SafeMode by doing the following:
  1. Restart your computer
  2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  3. Instead of Windows loading as normal, a menu should appear
  4. Select the first option, to run Windows in Safe Mode.
==================================================
Run HijackThis, and press "Scan". When the scan is complete place a check mark next to the following entries:

----- Insert HijackThis Entries here -----

After checking these items CLOSE ALL open windows EXCEPT HijackThis and click "Fix Checked."
===================================================
Close Hijackthis.

Then search for and DELETE the following file(s)/folder(s) IF STILL PRESENT:

------ insert any other malware files here ----

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed. Please post that log along with all others requested in your next reply.

Open Ad-aware and do a full scan. Remove all it finds.

Run Ewido:
  • Then select "Settings"
  • Under the bottom section "What to Scan?" make sure "Scan every file" is checked.
  • Select "OK" and you will return to scanning options.
  • Click on Complete System Scan and the scan will begin.

    This scan can take quite a while to run, so please be patient.
  • While the scan is in progress, you will be prompted to clean the first infected file it finds.
  • Choose Clean.
  • Then put a check next to 'Perform action on all infections'. Doing this enables the scan to proceed automatically until its completion. Click OK.
  • When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again. The best place to save it would probably be your Desktop.
Close Ewido

Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

Reboot back into Windows and click the Panda ActiveScan shortcut.
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report, along with a new HijackThis Log, the contents of smitfiles.txt and the Ewido Log by using Post Reply.
Let us know if any problems persist.

** It is possible that after the reboot the system is using the Windows Classic theme again.
To restore the XP theme, right-click on your desktop > Properties > Appearance tab and choose Windows XP style again under Windows and buttons.
Click Apply and OK.
sagaemia
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 8:01:50 PM, 4/4/2006
+ Report-Checksum: D032AF1E

+ Scan result:

C:\!KillBox\16197.exe -> Not-A-Virus.Hoax.Win32.Renos.bw : Cleaned with backup
C:\!KillBox\winstall.exe -> Not-A-Virus.Hoax.Win32.Renos.bw : Cleaned with backup
C:\!KillBox.zip/!KillBox/16197.exe -> Not-A-Virus.Hoax.Win32.Renos.bw : Cleaned with backup
C:\!KillBox.zip/!KillBox/winstall.exe -> Not-A-Virus.Hoax.Win32.Renos.bw : Cleaned with backup
:mozilla.10:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.16:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.20:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.35:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.53:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.54:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.55:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.56:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.57:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.58:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.59:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.60:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.61:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.62:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.63:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.64:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.65:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.66:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.67:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.68:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.69:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.70:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.71:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.72:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.74:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.75:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.76:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.77:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.78:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.79:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.80:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.81:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.82:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.83:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.84:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.85:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.86:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.87:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.88:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.89:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.90:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.91:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.92:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.93:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.94:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.95:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.96:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.97:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.98:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.99:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.100:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.107:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.108:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.109:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.110:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.111:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.112:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.113:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.114:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.122:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.148:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.150:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.183:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.184:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.185:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.186:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.187:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.188:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.189:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.190:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.191:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.192:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.193:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.194:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.195:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.196:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.197:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.198:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.199:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.201:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.202:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.203:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.208:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.209:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.210:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.211:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.212:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.265:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.266:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.269:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.270:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.274:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.287:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.306:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.313:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
:mozilla.314:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
:mozilla.354:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.368:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.369:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.404:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.412:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.414:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.423:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.424:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.425:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.426:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.432:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.433:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.434:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.435:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.452:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
:mozilla.453:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.454:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.455:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.456:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.457:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.458:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.467:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.468:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.469:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.470:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.471:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.472:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.488:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.489:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.490:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.491:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.492:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.503:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Paycounter : Cleaned with backup
:mozilla.504:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.505:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.506:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.511:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.512:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.513:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.514:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.515:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.527:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Adition : Cleaned with backup
:mozilla.528:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Adition : Cleaned with backup
:mozilla.536:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Spylog : Cleaned with backup
:mozilla.549:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.556:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.588:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.589:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.596:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.608:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.609:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.610:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.611:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.612:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.613:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.614:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.615:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.633:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.634:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.635:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.637:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.656:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.657:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.665:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.666:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.667:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.668:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.669:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.670:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.676:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.692:C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
C:\Documents and Settings\KevinKo\Cookies\kevinko@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\KevinKo\Cookies\kevinko@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\KevinKo\Cookies\kevinko@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Cleaned with backup
C:\Documents and Settings\KevinKo\Cookies\kevinko@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\KevinKo\Cookies\kevinko@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\KevinKo\Cookies\kevinko@ads1.revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\KevinKo\Cookies\kevinko@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\KevinKo\Cookies\kevinko@as1.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\KevinKo\Cookies\kevinko@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\KevinKo\Cookies\kevinko@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\KevinKo\Cookies\kevinko@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\KevinKo\Cookies\kevinko@e-2dj6wgl4wocjahq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\KevinKo\Cookies\kevinko@install.bestoffersnetworks[2].txt -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\Documents and Settings\KevinKo\Cookies\kevinko@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\KevinKo\Cookies\kevinko@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\KevinKo\Cookies\kevinko@reduxads.valuead[2].txt -> TrackingCookie.Valuead : Cleaned with backup
C:\Documents and Settings\KevinKo\Cookies\kevinko@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\KevinKo\Cookies\kevinko@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\KevinKo\Cookies\kevinko@targetnet[2].txt -> TrackingCookie.Targetnet : Cleaned with backup
C:\Documents and Settings\KevinKo\Cookies\kevinko@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\KevinKo\Cookies\kevinko@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\KevinKo\Cookies\kevinko@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\KevinKo\Cookies\kevinko@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\Documents and Settings\KevinKo\Cookies\kevinko@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\AUTO_4289_N.exe -> Trojan.Dialer.hh : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\AUTO_4289_N.exe -> Trojan.Dialer.hh : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\AUTO_4289_N.exe -> Trojan.Dialer.hh : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\AUTO_4289_N.exe -> Trojan.Dialer.hh : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\AUTO_4289_N.exe -> Trojan.Dialer.hh : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\AUTO_4289_N.exe -> Trojan.Dialer.hh : Cleaned with backup
C:\WINDOWS\SYSTEM\setup4.exe -> Adware.AdHelper : Cleaned with backup
C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL -> Adware.AdHelper : Cleaned with backup


::Report End
sagaemia
Incident Status Location

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\KevinKo\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\cookies.txt[]
Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\KevinKo\Application Data\Sskcwrd.dll
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\KevinKo\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-5aa0b436-35118732.zip[InstallerApplet.class]
Adware:Adware/CWS.Searchmeup Not disinfected C:\Documents and Settings\KevinKo\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jrl.jar-70b9958a-4bc1cd2e.zip[GetAccess.class]
Adware:Adware/CWS.Searchmeup Not disinfected C:\Documents and Settings\KevinKo\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jrl.jar-70b9958a-4bc1cd2e.zip[Installer.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\KevinKo\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jrl.jar-70b9958a-4bc1cd2e.zip[NewSecurityClassLoader.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\KevinKo\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jrl.jar-70b9958a-4bc1cd2e.zip[NewURLClassLoader.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\KevinKo\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-16042425-6316994a.zip[Beyond.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\KevinKo\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-16042425-6316994a.zip[Dummy.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\KevinKo\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-16042425-6316994a.zip[NudeBox.class]
Virus:Trj/ClassLoader.P Not disinfected C:\Documents and Settings\KevinKo\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-16042425-6316994a.zip[Worker.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\KevinKo\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-16042425-6316994a.zip[VerifierBug.class]
Adware:Adware/SpySheriff Not disinfected C:\Documents and Settings\KevinKo\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-16042425-6316994a.zip[javautil.zip]
Virus:Trj/Downloader.EAA Not disinfected C:\Documents and Settings\KevinKo\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-16042425-6316994a.zip[bot.exe]
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\KevinKo\Cookies\kevinko@888[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\KevinKo\Cookies\kevinko@888[2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\KevinKo\Cookies\kevinko@adopt.hbmediapro[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\KevinKo\Cookies\kevinko@atwola[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\KevinKo\Cookies\kevinko@belnk[1].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\KevinKo\Cookies\kevinko@cassava[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\KevinKo\Cookies\kevinko@dist.belnk[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\KevinKo\Cookies\kevinko@errorsafe[2].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\KevinKo\Cookies\kevinko@i.screensavers[1].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\KevinKo\Cookies\kevinko@winfixer[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\KevinKo\Cookies\kevinko@www.errorsafe[2].txt
Virus:Trj/Downloader.MO Not disinfected C:\Documents and Settings\KevinKo\Desktop\backups\backup-20060210-181245-151.inf
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\KevinKo\Desktop\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\KevinKo\Desktop\smitRem(2).exe[Process.exe]
Dialer:dialer.cos Not disinfected C:\Documents and Settings\KevinKo\Favorites\exsplorer.lnk
Dialer:dialer.akd Not disinfected C:\Documents and Settings\KevinKo\Favorites\WinMoviePlugin.lnk
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\KevinKo\Local Settings\Application Data\Mozilla\Firefox\Profiles\bwhou3z0.default\Cache\3EFBEAA3d01[Process.exe]
Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\Daily Weather Forecast\weather.exe
Spyware:Spyware/Media-motor Not disinfected C:\WINDOWS\Downloaded Program Files\m67m.inf
Potentially unwanted tool:application/winfixer2005 Not disinfected C:\WINDOWS\Downloaded Program Files\UWFX5_0001_N63M2912NetInstaller.exe
Adware:Adware/ConsumerAlertSystem Not disinfected C:\WINDOWS\pf78.exe
Spyware:Cookie/Belnk Not disinfected C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\system@belnk[1].txt
Spyware:Cookie/Belnk Not disinfected C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\system@dist.belnk[2].txt
Spyware:Cookie/empnads Not disinfected C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\system@empnads[2].txt
Spyware:Cookie/Rn11 Not disinfected C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\system@rn11[2].txt
Adware:adware program Not disinfected C:\WINDOWS\SYSTEM32\data.~
Adware:adware/iedriver Not disinfected C:\WINDOWS\SYSTEM32\Searchx.htm
sagaemia
Logfile of HijackThis v1.99.1
Scan saved at 9:31:03 PM, on 4/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Daily Weather Forecast\weather.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Trillian\trillian.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\KevinKo\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.skymasters.biz?4289
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1138168184\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: ???? - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/246
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: www.redfunny.com
O15 - Trusted Zone: www.skymasters.biz
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
sagaemia
smitRem © log file
version 2.8

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
The current date is: Tue 04/04/2006
The current time is: 18:46:14.61

Running from
C:\Documents and Settings\KevinKo\Desktop\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~

SpySheriff


~~~ Shortcuts ~~~

Install.dat


~~~ Favorites ~~~



~~~ system32 folder ~~~

logfiles


~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 800 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]