
Infected With Downloader-aux



#1 MarioDuke


Posted 17 June 2006 - 12:36 AM

Hi, my computer has been infected with Downloader-AUX and I'm having trouble getting rid of it. I have followed most of the steps in this thread: http://www.bleepingcomputer.com/forums/lof...php/t54463.html , but now I need some help with the next steps.

Below are the logs from HijackThis, smitfiles, ewido, Panda ActiveScan, and WinPFind.

Thanks in advance for helping.

Logfile of HijackThis v1.99.1
Scan saved at 1:25:45 AM, on 6/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE
C:\toshiba\ivp\ism\pinger.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=ftp-proxy.duke.edu:8080;gopher=gopher-proxy.duke.edu:8080;http=http-proxy.duke.edu:8080;https=https-proxy.duke.edu:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 03
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE /Client
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [TSysSMon] c:\toshiba\sysstability\tsyssmon.exe /detect
O4 - HKLM\..\Run: [cPadAlarm] C:\Program Files\Synaptics\SynTP\cPad\AlarmWatcher.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: winvax32 - winvax32.dll (file missing)
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Tmesbs32 (Tmesbs) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe" /Service (file missing)

-------------------------------------------------


smitRem log file
version 3.0

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
"IE"="6.0000"
The current date is: Fri 06/16/2006
The current time is: 20:43:44.97

Running from
C:\Documents and Settings\Ho Song\Desktop\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{a2cd90b5-e5a2-4aac-a504-c964a6d499df}"="distractible"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{a2cd90b5-e5a2-4aac-a504-c964a6d499df}\InProcServer32]
@="C:\WINDOWS\system32\yvvdj.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!


checking for drsmartload2 key


drsmartload2 key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
AlfaCleaner uninstaller NOT present
SpyFalcon uninstaller NOT present
SpywareQuake uninstaller NOT present
SpywareSheriff uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~

Online Security Guide.url
Security Troubleshooting.url


~~~ Favorites ~~~

Antivirus Test Online.url


~~~ system32 folder ~~~

regperf.exe
simpole.tlb
stdole3.tlb
atmclk.exe
dcomcfg.exe
amcompat.tlb
nscompat.tlb
1024 dir
hp***.tmp
logfiles


~~~ Icons in System32 ~~~

ts.ico
ot.ico


~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 768 'explorer.exe'
Killing PID 768 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{a2cd90b5-e5a2-4aac-a504-c964a6d499df}"="distractible"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{a2cd90b5-e5a2-4aac-a504-c964a6d499df}\InProcServer32]
@="C:\WINDOWS\system32\yvvdj.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~


~~~ Wininet.dll ~~~

CLEAN! :thumbsup:


---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 12:22:20 AM, 6/17/2006
+ Report-Checksum: 1C17DABD

+ Scan result:

:mozilla.297:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.298:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.299:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.317:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.318:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.319:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.320:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.321:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.322:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.323:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.324:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.325:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.337:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.340:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.341:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.348:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.350:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.356:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.397:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.398:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.399:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.400:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.401:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.402:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.403:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.410:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.420:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Bluemountain : Cleaned with backup
:mozilla.439:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.440:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.443:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.444:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.451:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.452:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.453:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.454:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.457:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.465:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.466:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.467:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.468:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.469:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.470:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.471:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.472:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.473:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.474:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.475:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.476:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.477:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.478:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.479:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.480:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.481:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.482:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.483:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.484:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.485:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.486:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.487:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.488:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.489:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.490:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.491:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.492:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.493:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.494:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.495:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.496:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.497:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.498:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.499:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.500:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.501:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.502:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.503:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.504:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.505:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.506:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.507:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.511:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.514:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.515:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.516:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.517:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.518:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.525:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.531:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.576:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.585:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
:mozilla.598:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.599:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.627:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.628:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.629:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.697:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.704:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.705:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.706:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profi


#2 MarioDuke

MarioDuke
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:24 AM

Posted 17 June 2006 - 12:43 AM

:mozilla.706:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.707:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.708:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.758:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.763:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.773:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.774:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup
:mozilla.775:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup
:mozilla.776:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup
:mozilla.777:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup
:mozilla.792:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.793:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.794:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.795:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.796:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.797:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.798:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.799:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.800:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.801:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.840:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.843:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Adengage : Cleaned with backup
:mozilla.846:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Adengage : Cleaned with backup
:mozilla.847:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Adengage : Cleaned with backup
:mozilla.848:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.849:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.850:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.851:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.863:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.864:C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
C:\Documents and Settings\Ho Song\Cookies\ho song@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup
C:\Program Files\DIGStream\digstream.exe -> Not-A-Virus.Downloader.Win32.DigStream.a : Cleaned with backup
C:\quarantine\winvax32.dll -> Trojan.Agent.vg : Cleaned with backup


::Report End
--------------------------------------------------------
ActiveScan

Incident Status Location

Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt[.adopt.hbmediapro.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt[.go.com/]
Spyware:Cookie/Advnt Not disinfected C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt[www.advnt01.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt[.belnk.com/]
Spyware:Cookie/64.62.232 Not disinfected C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt[64.62.232.6/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt[landing.domainsponsor.com/]
Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt[.kinghost.com/]
Spyware:Cookie/MetriWeb Not disinfected C:\Documents and Settings\Ho Song\Application Data\Mozilla\Firefox\Profiles\eg2ksl5p.default\cookies.txt[.metriweb.be/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Ho Song\Cookies\ho song@go[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Ho Song\Cookies\ho song@go[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Ho Song\Cookies\ho song@go[4].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Ho Song\Cookies\ho song@go[5].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Ho Song\Desktop\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Ho Song\Desktop\smitRem.exe[smitRem/Process.exe]
-----------------------------------------------------
WinPFind

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

Windows OS and Versions
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

Checking Selected Standard Folders

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
PEC2 8/18/2001 8:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
UPX! 5/15/2004 3:10:42 AM 75264 C:\WINDOWS\SYSTEM32\MACDec.dll
UPX! 6/19/2004 5:28:44 AM 177152 C:\WINDOWS\SYSTEM32\MonkeySource.ax
PECompact2 6/8/2006 9:19:50 PM 5967776 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 6/8/2006 9:19:50 PM 5967776 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 3:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 3:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
UPX! 10/28/2005 12:30:32 PM 56832 C:\WINDOWS\SYSTEM32\snapapi.dll
UPX! 6/18/2003 11:26:42 AM 21357 C:\WINDOWS\SYSTEM32\UninstXviDDec.exe
winsync 8/18/2001 8:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
PTech 8/4/2004 1:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\HOSTS


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
6/17/2006 12:43:18 AM S 2048 C:\WINDOWS\bootstat.dat
6/16/2006 7:33:20 PM H 551 C:\WINDOWS\vp.ini
6/17/2006 12:32:32 AM H 0 C:\WINDOWS\LastGood\INF\oem22.inf
6/17/2006 12:32:32 AM H 0 C:\WINDOWS\LastGood\INF\oem22.PNF
5/14/2006 6:21:52 AM S 13309 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911280.cat
5/5/2006 10:22:46 AM S 12227 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB914389.cat
5/29/2006 12:16:00 PM S 23751 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB916281.cat
5/18/2006 3:15:12 AM S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB917344.cat
5/4/2006 6:37:36 PM S 7898 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB917734.cat
4/20/2006 10:41:54 AM S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB917953.cat
6/1/2006 4:28:56 PM S 11043 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB918439.cat
6/17/2006 12:43:02 AM H 8192 C:\WINDOWS\system32\config\default.LOG
6/17/2006 12:43:40 AM H 1024 C:\WINDOWS\system32\config\SAM.LOG
6/17/2006 12:43:20 AM H 12288 C:\WINDOWS\system32\config\SECURITY.LOG
6/17/2006 12:44:54 AM H 86016 C:\WINDOWS\system32\config\software.LOG
6/17/2006 12:43:32 AM H 1171456 C:\WINDOWS\system32\config\system.LOG
6/15/2006 1:57:44 AM H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
5/12/2006 2:10:52 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\308fd979-c82e-4b4a-b04f-181a96854a32
5/12/2006 2:10:52 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
6/17/2006 12:41:52 AM H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
8/18/2003 8:20:04 PM 180224 C:\WINDOWS\SYSTEM32\ac3filter.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
WIDCOMM, Inc. 9/3/2003 1:53:26 AM 245825 C:\WINDOWS\SYSTEM32\btcpl.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
TOSHIBA Corp. 8/1/2002 5:49:42 PM 438272 C:\WINDOWS\SYSTEM32\HWSETUP.CPL
Microsoft Corporation 8/4/2004 3:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 11/10/2005 1:03:50 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/18/2001 8:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
AvantGo, Inc. 2/21/2003 6:58:26 PM 69632 C:\WINDOWS\SYSTEM32\MBLLNK.CPL
Microsoft Corporation 8/4/2004 3:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/18/2001 8:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
NVIDIA Corporation 8/15/2002 1:14:00 PM 180224 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Sun Microsystems 5/17/2002 4:04:56 AM 45154 C:\WINDOWS\SYSTEM32\plugincpl131_04.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
12/28/2002 12:14:38 PM 81920 C:\WINDOWS\SYSTEM32\Startup.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/18/2001 8:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
TOSHIBA Corp. 7/30/2002 7:33:52 PM 167936 C:\WINDOWS\SYSTEM32\tmeprop.cpl
TOSHIBA Corporation 6/10/2002 5:11:24 PM 876544 C:\WINDOWS\SYSTEM32\TPWRSAVE.CPL
Microsoft Corporation 8/4/2004 3:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
WildTangent, Inc. 3/12/2004 2:53:44 AM 45056 C:\WINDOWS\SYSTEM32\wtcpl.cpl
Microsoft Corporation 5/25/2005 3:16:30 PM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
YAMAHA CORPORATION 7/24/2002 7:42:34 PM 249856 C:\WINDOWS\SYSTEM32\yacxgc.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 68608 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 129536 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 68608 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation 8/18/2001 8:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 257024 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 32768 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 114688 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 155648 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation 8/18/2001 8:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 94208 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
Microsoft Corporation 5/25/2005 3:16:30 PM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl
Microsoft Corporation 9/24/2002 12:25:18 AM 111104 C:\WINDOWS\SYSTEM32\ReinstallBackups\0019\DriverFiles\i386\irprops.cpl
Microsoft Corporation 9/24/2002 12:25:18 AM 111104 C:\WINDOWS\SYSTEM32\ReinstallBackups\0020\DriverFiles\i386\irprops.cpl
Microsoft Corporation 9/24/2002 12:25:18 AM 111104 C:\WINDOWS\SYSTEM32\ReinstallBackups\0021\DriverFiles\i386\irprops.cpl
NVIDIA Corporation 8/15/2002 12:14:00 AM 180224 C:\WINDOWS\SYSTEM32\ReinstallBackups\0023\DriverFiles\nvtuicpl.cpl

Checking Selected Startup Folders

Checking files in %ALLUSERSPROFILE%\Startup folder...
4/20/2003 10:00:50 AM 910 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
2/20/2004 9:46:12 PM 681 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk
7/23/2002 7:47:08 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini

Checking files in %ALLUSERSPROFILE%\Application Data folder...
7/23/2002 12:37:58 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
8/23/2003 5:49:30 AM 7 C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameD.txt
2/4/2005 10:40:02 AM 7 C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameE.txt
2/2/2006 12:34:38 AM 2578 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Checking files in %USERPROFILE%\Startup folder...
7/23/2002 7:47:08 PM HS 84 C:\Documents and Settings\Ho Song\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
1/18/2006 10:53:18 PM 39014 C:\Documents and Settings\Ho Song\Application Data\Comma Separated Values (Windows).ADR
7/23/2002 12:37:58 PM HS 62 C:\Documents and Settings\Ho Song\Application Data\desktop.ini
7/9/2005 8:31:28 AM 88936 C:\Documents and Settings\Ho Song\Application Data\GDIPFONTCACHEV1.DAT
4/26/2006 4:33:12 PM 125 C:\Documents and Settings\Ho Song\Application Data\iScrobbler.ini
12/30/2005 9:56:22 AM 39023 C:\Documents and Settings\Ho Song\Application Data\Tab Separated Values (Windows).ADR

Checking Selected Registry Keys

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
=

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Mp3TS ShEx
{AC54FB61-7D59-49A9-BA7C-C36E084D547E} = C:\WINDOWS\System32\mp3tsshx.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\VirusScan
{cda2863e-2497-4c49-9b89-06840e070a87} = C:\Program Files\Network Associates\VirusScan\shext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\VirusScan
{cda2863e-2497-4c49-9b89-06840e070a87} = C:\Program Files\Network Associates\VirusScan\shext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Mp3TS ShEx
{AC54FB61-7D59-49A9-BA7C-C36E084D547E} = C:\WINDOWS\System32\mp3tsshx.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\VirusScan
{cda2863e-2497-4c49-9b89-06840e070a87} = C:\Program Files\Network Associates\VirusScan\shext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = c:\program files\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
Real.com = C:\WINDOWS\System32\Shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}
ButtonText = Create Mobile Favorite :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}
MenuText = Create Mobile Favorite... : C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{7F9DB11C-E358-4ca6-A83D-ACC663939424}
ButtonText = Bonjour :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText = AIM : C:\PROGRA~1\AIM95\aim.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B13B4423-2647-4cfc-A4B3-C7D56CB83487}
ButtonText = Share in Hello :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CCA281CA-C863-46ef-9331-5C8D4460577F}
ButtonText = @btrez.dll,-4015 :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
ButtonText = Real.com :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
00THotkey C:\WINDOWS\System32\00THotkey.exe
000StTHK 000StTHK.exe
TFNF5 TFNF5.exe
Tpwrtray TPWRTRAY.EXE
TosHKCW.exe "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
TFncKy TFncKy.exe /Type 03
TcmTray
TDispVol TDispVol.exe
TMESBS.EXE C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE /Client

Pinger c:\toshiba\ivp\ism\pinger.exe /run
TSysSMon c:\toshiba\sysstability\tsyssmon.exe /detect
cPadAlarm C:\Program Files\Synaptics\SynTP\cPad\AlarmWatcher.exe
DIGStream C:\Program Files\DIGStream\digstream.exe
BluetoothAuthenticationAgent rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
TouchED C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
SynTPLpr C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
SynTPEnh C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
ShStatEXE "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
McAfeeUpdaterUI "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
NvCplDaemon RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
nwiz nwiz.exe /installquiet
SM1BG C:\WINDOWS\SM1BG.EXE
TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
iTunesHelper "C:\Program Files\iTunes\iTunesHelper.exe"
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
OrderReminder C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
mmtask "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe C:\WINDOWS\system32\ctfmon.exe
H/PC Connection Agent "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
NVIEW rundll32.exe nview.dll,nViewLoadHook

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer
NoActiveDesktopChanges 0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1
DisableTaskMgr 0


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
NoChangingWallPaper 0
NoAddingComponents 0
NoComponents 0
NoDeletingComponents 0
NoEditingComponents 0
NoCloseDragDropBands 0
NoMovingBands 0
NoHTMLWallPaper 0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
NoActiveDesktop 0
NoSaveSettings 0
ClassicShell 0
NoThemesTab 0
ForceActiveDesktopOn 0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
DisableTaskMgr 0
NoDispAppearancePage 0
NoColorChoice 0
NoSizeChoice 0
NoDispBackgroundPage 0
NoDispScrSavPage 0
NoDispCPL 0
NoVisualStyleChoice 0
NoDispSettingsPage 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winvax32
= winvax32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


Scan Complete
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 6/17/2006 12:55:55 AM

I appreciate the help... thanks

#3 Guest_Cretemonster_*

  • Guests

Posted 17 June 2006 - 11:13 AM

Hi MarioDuke and Welcome to the Bleeping Computer!

See if you can locate this file

C:\WINDOWS\system32\yvvdj.dll


Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
Post the results of the CureIt scan in the next reply please.

#4 MarioDuke

  • Topic Starter
  • Members
  • 5 posts

Posted 17 June 2006 - 06:00 PM

Hi Cretemonster,

Thanks for responding.

I could not find the file (C:\WINDOWS\system32\yvvdj.dll)

I ran Dr.Web CureIt, but I could not get it to save the report (when I opened the saved report, it didn't have any data). But it only found one object:

WxBug.exe
Path: C:\Program Files\AIM95\Sysfiles
Action: Incurable.Deleted

One more thing... as the scan was running, VirusScan detected the following trojans and moved them to the quarantine folder:

JAR_CACHE38630.TMP.VIR
JAR_CACHE38631.TMP.VIR

Here is the latest HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 6:54:17 PM, on 6/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE
C:\WINDOWS\System32\svchost.exe
C:\toshiba\ivp\ism\pinger.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Ho Song\Desktop\drweb-cureit.exe
C:\DOCUME~1\HOSONG~1\LOCALS~1\Temp\RarSFX0\_start.exe
C:\DOCUME~1\HOSONG~1\LOCALS~1\Temp\RarSFX0\cureit.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=ftp-proxy.duke.edu:8080;gopher=gopher-proxy.duke.edu:8080;http=http-proxy.duke.edu:8080;https=https-proxy.duke.edu:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 03
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE /Client
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [TSysSMon] c:\toshiba\sysstability\tsyssmon.exe /detect
O4 - HKLM\..\Run: [cPadAlarm] C:\Program Files\Synaptics\SynTP\cPad\AlarmWatcher.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: winvax32 - winvax32.dll (file missing)
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Tmesbs32 (Tmesbs) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe" /Service (file missing)

Again, thanks for helping.

#5 Guest_Cretemonster_*

  • Guests

Posted 18 June 2006 - 04:39 AM

Don't worry about the CureIt log since you already know what it found.

The 2 files above look to be already disabled because of the .vir extension, so McAfee quarantine is a good place for them.


Open HijackThis-> Click "Do a System Scan Only" and put a check by these but DO NOT hit the Fix Checked button yet

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe

O20 - Winlogon Notify: winvax32 - winvax32.dll (file missing)

Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button


Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#6 MarioDuke

  • Topic Starter
  • Members
  • 5 posts

Posted 18 June 2006 - 03:08 PM

Hi Cretemonster,

The Kaspersky Online Scan didn't find anything... all sections were clean, so no report to attach. Does this mean that my computer is now clean, or is there more to do?

Here is the most recent HijackThis log just in case you need it.

Logfile of HijackThis v1.99.1
Scan saved at 4:07:00 PM, on 6/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=ftp-proxy.duke.edu:8080;gopher=gopher-proxy.duke.edu:8080;http=http-proxy.duke.edu:8080;https=https-proxy.duke.edu:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 03
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE /Client
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [TSysSMon] c:\toshiba\sysstability\tsyssmon.exe /detect
O4 - HKLM\..\Run: [cPadAlarm] C:\Program Files\Synaptics\SynTP\cPad\AlarmWatcher.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Tmesbs32 (Tmesbs) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe" /Service (file missing)


Thanks
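Added example, not part of the original posts: a small Python parser for the HijackThis log format shown in post #6. It groups entries by section code, lists the entries that carry HijackThis's own annotations for manual review (they are not verdicts), and diffs two scans. The function names and the marker list are assumptions of this example; the sample lines are an excerpt of the log above.

```python
import re
from collections import defaultdict

# Excerpt of the log posted above, embedded so the example runs offline.
SAMPLE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\lsass.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Tmesbs32 (Tmesbs) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe" /Service (file missing)
"""

ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# Annotations HijackThis writes itself when it cannot resolve an item (assumed list).
MARKERS = ("(file missing)", "Unknown owner", "Unknown file", "(no name)")

def parse_log(text):
    """Split a HijackThis log into running processes and per-section entries."""
    processes, entries, in_procs = [], defaultdict(list), False
    for line in (l.strip() for l in text.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries[m.group(1)].append(m.group(2))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, dict(entries)

def review_queue(entries):
    """Entries carrying a marker: items to check by hand, not verdicts."""
    queue = []
    for sec, items in sorted(entries.items()):
        for item in items:
            hits = [mk for mk in MARKERS if mk in item]
            if hits:
                queue.append((sec, hits, item))
    return queue

def diff_entries(before, after):
    """(removed, added) entries between an earlier and a later scan."""
    b = {(s, i) for s, items in before.items() for i in items}
    a = {(s, i) for s, items in after.items() for i in items}
    return sorted(b - a), sorted(a - b)
```

On the excerpt, the review queue holds the Bonjour Winsock LSP line and the Tmesbs32 service line, both of which belong to software visible elsewhere in the same log.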

#7 Guest_Cretemonster_*


Posted 19 June 2006 - 04:50 AM

As far as I can see it appears clean! :thumbsup:


Please Install these 2 to add to the Security of the PC!

SpywareBlaster:
http://www.javacoolsoftware.com/downloads.html
Update Immediately!

WinHelp2002 Hosts File
http://www.mvps.org/winhelp2002/hosts2.htm

Disable System Restore
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

Go ahead and Reconfigure Msconfig the way you like the PC to Startup

Go ahead and remove any of the tools downloaded that are of no use anymore

Post back and let me know how things are?

#8 MarioDuke


Posted 20 June 2006 - 07:48 PM

Hi Cretemonster,

THANK YOU so much... really thanks for taking the time to help me out.

So far everything looks fine, I hope it stays that way.

Thanks again.

#9 Guest_Cretemonster_*


Posted 21 June 2006 - 03:40 AM

Let's go one more day and be sure everything is OK, do all your normal functions and browsing with the PC and we will see what tomorrow brings us! :thumbsup:



