Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Problem Getting Rid Of Downloader, Clicker, Psw. Agent And Generic3 Trojans


  • This topic is locked This topic is locked
16 replies to this topic

#1 Kofucius

Kofucius

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:29 PM

Posted 11 March 2007 - 08:42 PM

Good Evening,


I have been having issues with 4 types of Trojans and I think I might have cleared most of the programs and files they added to my computer. However, I know that there must be some programs/files lagging around since my AVG once in a while finds one of these Trojans (Downloader, Clicker, PSW.Agent and Generic3). Below is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 8:41:53 PM, on 3/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CNNIC\Cdn\cdnup.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
d:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malicious Software Removal Tool\KB890830-ENU.exe
d:\6e14741c7eb6906486d7e4a2c45b08\mrtstub.exe
C:\WINDOWS\system32\MRT.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer by Cavalier Telephone, LLC
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\PCTools\pctools.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: wkkt - {A2129330-A0CC-41C0-B7EE-619874FF5FF5} - C:\PROGRA~1\COMMON~1\cats\gxxd.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [StarSkin] C:\PROGRAM FILES\ROCKET DIVISION SOFTWARE\STARSKIN\STARSKIN.EXE -H
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Zone Labs Client] "d:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [LDM] d:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\1.0.384.22153\GoogleUpdater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Access Internet Keyword - C:\Program Files\CNNIC\Cdn\cnnic.htm
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [CDNCLIENT] Chinese Navigation
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{3517F20A-727D-47A9-BF5F-87A4C2004BA9}: NameServer = 64.83.1.10,209.137.160.3
O18 - Protocol: bw+0 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Microsoft Update Service (DiRVIn) - Unknown owner - C:\WINDOWS\SYSTEM32\RUNDLL2000.EXE (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Any help that can be shared would be greatly appreciated.

Thanks!!

BC AdBot (Login to Remove)

 


m

#2 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:07:29 PM

Posted 15 March 2007 - 04:13 PM

Hello Kofucius,

Sorry for the delay.

I am SifuMike and I will be helping you. :thumbsup:

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall
Disable script blocking if you have Norton Antivirus installed so it will not interfere with the fix. Trojan Hunter has been reported to detect combofix as Worm.Qiv.100.

Edited by SifuMike, 15 March 2007 - 04:13 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 Kofucius

Kofucius
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:29 PM

Posted 17 March 2007 - 12:47 PM

Hey SifuMike (thank you for the assistance),


Here is the log:

"Administrator" - 07-03-17 12:42:30 Service Pack 2
ComboFix 07-03-15.2 - Running from: "C:\Program Files\Mozilla Firefox"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\~tmp32.exe
C:\WINDOWS\system32\ad1830.exe
C:\WINDOWS\system32\ao205.exe
C:\WINDOWS\system32\12.exe
C:\WINDOWS\20070303083143688.exe
C:\WINDOWS\20070303153507734.exe
C:\WINDOWS\20070304090513516.exe
C:\WINDOWS\20072820373759818.exe
C:\WINDOWS\20073110011555.exe
C:\WINDOWS\20073110136679.exe
C:\WINDOWS\200731155222229.exe
C:\WINDOWS\200738162743153.exe
C:\WINDOWS\20073923415853.exe
C:\WINDOWS\20073925612185.exe
C:\WINDOWS\20073981454990.exe
C:\WINDOWS\20073981513232.exe
C:\WINDOWS\20073983843644.exe
C:\WINDOWS\20073983910159.exe
C:\WINDOWS\system32\hckct.dll
C:\WINDOWS\system32\11729126441b.exe
C:\WINDOWS\system32\11729126792b.exe
C:\Program Files\Common Files\cats\jaxg.dll
C:\DOCUME~1\ALLUSE~2.WIN\TEMPLA~1.\temp.exe
C:\Program Files\Internet Explorer\user32.dll
C:\WINDOWS\system32\advport.dll
C:\WINDOWS\system32\cdnprot.dat
C:\WINDOWS\system32\drivers\acpidisk.sys
C:\WINDOWS\system32\drivers\ncio.sys
C:\WINDOWS\system32\mprmsgse.axz
C:\WINDOWS\system32\mscpx32r.det
C:\WINDOWS\system32\mywebhit.ini
C:\WINDOWS\system32\mywebhit.ini.tmp
C:\WINDOWS\system32\Score.txt
C:\WINDOWS\system32\wbem\ocmor.dll
C:\WINDOWS\dataacess.dll
C:\WINDOWS\installreg.exe
C:\WINDOWS\mydown_tmp.txt
C:\WINDOWS\mywinsys.ini
C:\WINDOWS\sysdn.ini
C:\WINDOWS\system32\set.exe
C:\WINDOWS\mh.exe
C:\Program Files\winupdates
C:\WINDOWS\system32\winup
C:\WINDOWS\system32\wingcc38.dll
C:\\WINDOWS\system32\drivers\cdtlhy75.sys
C:\\WINDOWS\system32\drivers\wcggcc38.sys
C:\WINDOWS\system32\drivers\cdtlhy75.sys
C:\WINDOWS\system32\drivers\ssevnd08.sys . . . . failed to delete
C:\WINDOWS\system32\ssevnd08.dll . . . . failed to delete
C:\WINDOWS\system32\drivers\wcggcc38.sys
C:\~de*.tmp
C:\WINDOWS\system32\cdtlhy75.dll
C:\WINDOWS\system32\wcggcc38.dll
C:\WINDOWS\system32\cdtlhy75.dll
C:\WINDOWS\system32\wcggcc38.dll
C:\Program Files\Common Files\cats\gxxd.dll
C:\WINDOWS\system32\ntfis.exe
C:\WINDOWS\imapi.exe


((((((((((((((((((((((((((((((( Files Created from 2007-02-17 to 2007-03-17 ))))))))))))))))))))))))))))))))))


2007-03-17 10:35 <DIR> d-------- C:\Program Files\Common Files\okvqzbf
2007-03-11 20:22 36,352 --------- C:\WINDOWS\system32\tsgqec.dll
2007-03-11 20:22 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
2007-03-11 20:22 116,736 --------- C:\WINDOWS\system32\aaclient.dll
2007-03-11 20:06 <DIR> d-------- C:\Program Files\ieSpell
2007-03-11 19:55 62,336 --------- C:\WINDOWS\system32\drivers\rspndr.sys
2007-03-11 19:55 10,752 --------- C:\WINDOWS\system32\rspndr.exe
2007-03-11 19:49 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-03-11 19:42 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-03-11 19:42 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-03-11 19:28 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-03-11 18:43 <DIR> d-------- C:\Program Files\Windows Defender
2007-03-11 18:05 6,144 --------- C:\WINDOWS\system32\kbdpash.dll
2007-03-11 18:05 6,144 --------- C:\WINDOWS\system32\kbdnepr.dll
2007-03-11 18:05 6,144 --------- C:\WINDOWS\system32\kbdiultn.dll
2007-03-11 18:05 6,144 --------- C:\WINDOWS\system32\kbdbhc.dll
2007-03-11 18:02 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-03-11 17:57 28,672 --------- C:\WINDOWS\system32\verclsid.exe
2007-03-11 17:51 <DIR> d-------- C:\WINDOWS\system32\en
2007-03-11 17:50 33,792 --------- C:\WINDOWS\system32\mmcperf.exe
2007-03-11 17:50 184,320 --------- C:\WINDOWS\system32\microsoft.managementconsole.dll
2007-03-11 17:50 106,496 --------- C:\WINDOWS\system32\mmcfxcommon.dll
2007-03-11 17:24 <DIR> d--h-c--- C:\WINDOWS\$SQLUninstallMSXML2SP6-KB887606-x86-ENU$
2007-03-11 17:08 <DIR> d-------- C:\Program Files\Windows Journal Viewer
2007-03-11 16:58 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2007-03-11 16:57 <DIR> d-------- C:\Program Files\HighMAT CD Writing Wizard
2007-03-11 16:56 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2007-03-11 16:56 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2007-03-11 16:56 <DIR> d-------- C:\Program Files\Adaptec ASPI
2007-03-11 15:10 <DIR> d-------- C:\Program Files\Media Player Classic
2007-03-11 10:14 118,784 -r------- C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe
2007-03-10 20:02 313 --a------ C:\WINDOWS\hosts.dat
2007-03-10 19:53 <DIR> d-------- C:\!KillBox
2007-03-10 12:43 21,650 --a------ C:\WINDOWS\system32\wingcc38.bin
2007-03-10 12:25 <DIR> d-------- C:\Program Files\Common Files\cats\yppv
2007-03-10 12:25 <DIR> d-------- C:\Program Files\Common Files\cats\evvb
2007-03-10 12:24 <DIR> d-------- C:\Program Files\Common Files\iswf
2007-03-10 12:24 <DIR> d-------- C:\Program Files\Common Files\cats
2007-03-10 11:03 13,824 --a------ C:\WINDOWS\system32\ms.dll
2007-03-09 21:18 22,528 --a------ C:\WINDOWS\jh.exe
2007-03-09 21:08 140 --a------ C:\WINDOWS\system32\winlhy75.bin
2007-03-09 21:07 <DIR> d-------- C:\WINDOWS\system32\wcggcc38
2007-03-08 00:57 <DIR> d-------- C:\Program Files\a-squared Free
2007-03-08 00:02 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-03-07 23:59 <DIR> d-------- C:\DOCUME~1\ADMINI~1.WOR\.housecall6.6
2007-03-07 23:01 15,872 --a------ C:\WINDOWS\wl.exe
2007-03-07 23:00 15,872 --a------ C:\WINDOWS\my.exe
2007-03-07 22:55 15,872 --a------ C:\WINDOWS\msm.exe
2007-03-03 00:04 <DIR> d-------- C:\WINDOWS\system32\cdtlhy75
2007-03-02 20:43 588 --a------ C:\WINDOWS\system32\FB5E3AFA.dat


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-03-17 10:29 30720 --a------ C:\WINDOWS\system32\winlhy75.dll
2007-03-14 18:42 -------- d-a------ C:\Program Files\java
2007-03-11 19:58 -------- d-------- C:\Program Files\autopatcher
2007-03-11 10:57 -------- d-a------ C:\Program Files\msn messenger
2007-03-11 10:57 -------- d-------- C:\DOCUME~1\ADMINI~1.WOR\APPLIC~1\ppstream
2007-03-11 10:39 -------- d-a------ C:\Program Files\enigma software group
2007-03-08 07:44 -------- d-------- C:\Program Files\aws
2007-03-04 17:44 -------- d-------- C:\DOCUME~1\ADMINI~1.WOR\APPLIC~1\gtk-2.0
2007-03-03 08:10 49152 --a------ C:\WINDOWS\system32\ssevnd08.dll
2007-02-14 16:24 16512 --a------ C:\WINDOWS\system32\drivers\ssevnd08.sys
2007-01-25 23:16 -------- d-------- C:\DOCUME~1\ADMINI~1.WOR\APPLIC~1\songbird_vlc
2007-01-21 11:12 -------- d-------- C:\Program Files\maxtv
2007-01-21 11:09 -------- d-------- C:\Program Files\maxsoftware
2007-01-19 13:53 51056 --a------ C:\WINDOWS\system32\sirenacm.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"LDM"="d:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"nForce Tray Options"="sstray.exe /r"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""
"StarSkin"="C:\\PROGRAM FILES\\ROCKET DIVISION SOFTWARE\\STARSKIN\\STARSKIN.EXE -H"
"Logitech Utility"="Logi_MwX.Exe"
"Zone Labs Client"="\"d:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Google Updater.lnk.disabled]
"path"="C:\\Documents and Settings\\All Users.WINDOWS\\Start Menu\\Programs\\Startup\\Google Updater.lnk.disabled"
"backup"="C:\\WINDOWS\\pss\\Google Updater.lnk.disabledCommon Startup"
"location"="Common Startup"
"command"="C:\\Documents and Settings\\All Users.WINDOWS\\Start Menu\\Programs\\Startup\\Google Updater.lnk.disabled"
"item"="Google Updater.lnk"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sdafdsafds]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="base"
"hkey"="HKLM"
"command"="C:\\DOCUME~1\\ADMINI~1.WOR\\LOCALS~1\\Temp\\base.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\upxdn]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="upxdn"
"hkey"="HKLM"
"command"="C:\\DOCUME~1\\ADMINI~1.WOR\\LOCALS~1\\Temp\\upxdn.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\upxdnd]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="upxdnd"
"hkey"="HKLM"
"command"="C:\\DOCUME~1\\ADMINI~1.WOR\\LOCALS~1\\Temp\\upxdnd.exe"
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoVisualStyleChoice"=dword:00000000
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=dword:00000000
"NoResolveSearch"=dword:00000001
"NoRemoteRecursiveEvents"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeKeyboardNavigationIndicators"=dword:00000000
"NoSaveSettings"=dword:00000000
"NoSharedDocuments"=dword:00000001
"NoRecentDocsMenu"=dword:00000001
"ForceClassicControlPanel"=dword:00000001
"NoLowDiskSpaceChecks"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
bkvqtbf



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job


********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

? [1972]
? [256]

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 2
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-03-17 13:44:27

#4 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:07:29 PM

Posted 17 March 2007 - 01:02 PM

Hi Kofucius,


Please post a fresh Hijackthis log. :thumbsup:
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 Kofucius

Kofucius
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:29 PM

Posted 17 March 2007 - 01:25 PM

Hey SifuMike,

Here is the log:

Logfile of HijackThis v1.99.1
Scan saved at 2:27:48 PM, on 3/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
d:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Gaim\gaim.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...age=about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer by Cavalier Telephone, LLC
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - e:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: wkkt - {A2129330-A0CC-41C0-B7EE-619874FF5FF5} - C:\PROGRA~1\COMMON~1\cats\gxxd.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [StarSkin] C:\PROGRAM FILES\ROCKET DIVISION SOFTWARE\STARSKIN\STARSKIN.EXE -H
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Zone Labs Client] "d:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [LDM] d:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = E:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{3517F20A-727D-47A9-BF5F-87A4C2004BA9}: NameServer = 64.83.1.10,209.137.160.3
O18 - Protocol: bw+0 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#6 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:07:29 PM

Posted 17 March 2007 - 01:39 PM

Hi Kofucius,


Download CCleaner and install it. (default location is best). Do not run it yet!

CCleaner Tutorial


*******************************************

How to Reboot into Safe Mode
tap F8 key during reboot, until the boot menu appears...use the arrow keys to choose "Safe Mode" from the menu......,then press the "Enter" key. If that does not work this go to this site: http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/



Please boot into Safe Mode and select the following with HijackThis.
With all windows (including this one!) closed (close browser/explorer windows), please select "fix.”

O2 - BHO: wkkt - {A2129330-A0CC-41C0-B7EE-619874FF5FF5} - C:\PROGRA~1\COMMON~1\cats\gxxd.dll (file missing)

I don't believe Logitech Desktop Messenger is something you will ever miss, but instead of uninstalling it, just follow my instructions below (which will stop it running) but will still leave it available for you to run manualy, should you so desire...

O4 - HKCU\..\Run: [LDM] d:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe


"Fix" all of the O18's (you have 78 of them to fix)
O18 - Protocol: bw+0 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll


*******************************************

Next, we're going on a file hunt.
Go to My Computer and double-click C.
Go to the Tools menu and select 'Folder Options'.
On the 'View' tab select 'show hidden files and folders',
deselect (uncheck) 'hide protected operating system files (recommended)', and
deselect (uncheck) "Hide extensions for known file types.'

Don't use the windows start\search feature
Using Windows Explorer, find and delete each of the following. If you can't delete an item, right-click it and click properties. Make sure 'read-only' is unchecked.
If you still can't delete something, right-click it and rename it to a random word. Then drag the item to a different location. Try deleting it now. If you still can't, be sure to let me know.
Using Windows Explorer, delete the following files/folders in bold (Do not be concerned if they do not exist)

C:\WINDOWS\system32\winlhy75.dll <==file


*******************************************

*NOTE* CCleaner deletes EVERYTHING out of temp/temporary folders and does not make backups.

Let's empty the temp files:

Run CCleaner.

Do not use the "Issues" block . It's meant for professionals.

1. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation.
IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbarfree Basic version instead of the Standard Build.


2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

3. Then select the items you wish to clean up.

In the Windows Tab:
• Clean all entries in the "Internet Explorer" section except Cookies.
• Clean all the entries in the "Windows Explorer" section.
• Clean all entries in the "System" section.
• Clean all entries in the "Advanced" section.
• Clean any others that you choose.

In the Applications Tab:
• Clean all except cookies in the Firefox/Mozilla section if you use it.
• Clean all in the Opera section if you use it.
• Clean Sun Java in the Internet Section.
• Clean any others that you choose.

4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.

If it asks you to reboot at the end, click NO.

CCleaner should be run with the above settings for each User Account!

*******************************************


Reboot to the Normal Mode

Run ComboFix again.

Post the Combofix log and a fresh Hijackthis log.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#7 Kofucius

Kofucius
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:29 PM

Posted 18 March 2007 - 09:05 PM

Good Evening SifuMike,

Sorry for the delayed response, but here are the logs.

ComboFix:
"Administrator" - 07-03-18 21:21:21 Service Pack 2
ComboFix 07-03-15.2 - Running from: "C:\Documents and Settings\Administrator.WORLD-M2QN4BSSN\My Documents"

((((((((((((((((((((((((((((((( Files Created from 2007-02-18 to 2007-03-18 ))))))))))))))))))))))))))))))))))


2007-03-17 10:35 <DIR> d-------- C:\Program Files\Common Files\okvqzbf
2007-03-11 20:22 36,352 --------- C:\WINDOWS\system32\tsgqec.dll
2007-03-11 20:22 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
2007-03-11 20:22 116,736 --------- C:\WINDOWS\system32\aaclient.dll
2007-03-11 20:06 <DIR> d-------- C:\Program Files\ieSpell
2007-03-11 19:55 62,336 --------- C:\WINDOWS\system32\drivers\rspndr.sys
2007-03-11 19:55 10,752 --------- C:\WINDOWS\system32\rspndr.exe
2007-03-11 19:49 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-03-11 19:42 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-03-11 19:42 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-03-11 19:28 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-03-11 18:43 <DIR> d-------- C:\Program Files\Windows Defender
2007-03-11 18:05 6,144 --------- C:\WINDOWS\system32\kbdpash.dll
2007-03-11 18:05 6,144 --------- C:\WINDOWS\system32\kbdnepr.dll
2007-03-11 18:05 6,144 --------- C:\WINDOWS\system32\kbdiultn.dll
2007-03-11 18:05 6,144 --------- C:\WINDOWS\system32\kbdbhc.dll
2007-03-11 18:02 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-03-11 17:57 28,672 --------- C:\WINDOWS\system32\verclsid.exe
2007-03-11 17:51 <DIR> d-------- C:\WINDOWS\system32\en
2007-03-11 17:50 33,792 --------- C:\WINDOWS\system32\mmcperf.exe
2007-03-11 17:50 184,320 --------- C:\WINDOWS\system32\microsoft.managementconsole.dll
2007-03-11 17:50 106,496 --------- C:\WINDOWS\system32\mmcfxcommon.dll
2007-03-11 17:24 <DIR> d--h-c--- C:\WINDOWS\$SQLUninstallMSXML2SP6-KB887606-x86-ENU$
2007-03-11 17:08 <DIR> d-------- C:\Program Files\Windows Journal Viewer
2007-03-11 16:58 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2007-03-11 16:57 <DIR> d-------- C:\Program Files\HighMAT CD Writing Wizard
2007-03-11 16:56 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2007-03-11 16:56 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2007-03-11 16:56 <DIR> d-------- C:\Program Files\Adaptec ASPI
2007-03-11 15:10 <DIR> d-------- C:\Program Files\Media Player Classic
2007-03-11 10:14 118,784 -r------- C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe
2007-03-10 20:02 313 --a------ C:\WINDOWS\hosts.dat
2007-03-10 19:53 <DIR> d-------- C:\!KillBox
2007-03-10 12:43 21,650 --a------ C:\WINDOWS\system32\wingcc38.bin
2007-03-10 12:24 <DIR> d-------- C:\Program Files\Common Files\iswf
2007-03-10 12:24 <DIR> d-------- C:\Program Files\Common Files\cats
2007-03-10 11:03 13,824 --a------ C:\WINDOWS\system32\ms.dll
2007-03-09 21:18 22,528 --a------ C:\WINDOWS\jh.exe
2007-03-09 21:08 140 --a------ C:\WINDOWS\system32\winlhy75.bin
2007-03-09 21:07 <DIR> d-------- C:\WINDOWS\system32\wcggcc38
2007-03-08 00:57 <DIR> d-------- C:\Program Files\a-squared Free
2007-03-08 00:02 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-03-07 23:59 <DIR> d-------- C:\DOCUME~1\ADMINI~1.WOR\.housecall6.6
2007-03-07 23:01 15,872 --a------ C:\WINDOWS\wl.exe
2007-03-07 23:00 15,872 --a------ C:\WINDOWS\my.exe
2007-03-07 22:55 15,872 --a------ C:\WINDOWS\msm.exe
2007-03-03 00:04 <DIR> d-------- C:\WINDOWS\system32\cdtlhy75
2007-03-02 20:43 588 --a------ C:\WINDOWS\system32\FB5E3AFA.dat


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-03-14 18:42 -------- d-a------ C:\Program Files\java
2007-03-11 19:58 -------- d-------- C:\Program Files\autopatcher
2007-03-11 10:57 -------- d-a------ C:\Program Files\msn messenger
2007-03-11 10:57 -------- d-------- C:\DOCUME~1\ADMINI~1.WOR\APPLIC~1\ppstream
2007-03-11 10:39 -------- d-a------ C:\Program Files\enigma software group
2007-03-08 07:44 -------- d-------- C:\Program Files\aws
2007-03-04 17:44 -------- d-------- C:\DOCUME~1\ADMINI~1.WOR\APPLIC~1\gtk-2.0
2007-01-25 23:16 -------- d-------- C:\DOCUME~1\ADMINI~1.WOR\APPLIC~1\songbird_vlc
2007-01-21 11:12 -------- d-------- C:\Program Files\maxtv
2007-01-21 11:09 -------- d-------- C:\Program Files\maxsoftware
2007-01-19 13:53 51056 --a------ C:\WINDOWS\system32\sirenacm.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"nForce Tray Options"="sstray.exe /r"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""
"StarSkin"="C:\\PROGRAM FILES\\ROCKET DIVISION SOFTWARE\\STARSKIN\\STARSKIN.EXE -H"
"Logitech Utility"="Logi_MwX.Exe"
"Zone Labs Client"="\"d:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Google Updater.lnk.disabled]
"path"="C:\\Documents and Settings\\All Users.WINDOWS\\Start Menu\\Programs\\Startup\\Google Updater.lnk.disabled"
"backup"="C:\\WINDOWS\\pss\\Google Updater.lnk.disabledCommon Startup"
"location"="Common Startup"
"command"="C:\\Documents and Settings\\All Users.WINDOWS\\Start Menu\\Programs\\Startup\\Google Updater.lnk.disabled"
"item"="Google Updater.lnk"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sdafdsafds]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="base"
"hkey"="HKLM"
"command"="C:\\DOCUME~1\\ADMINI~1.WOR\\LOCALS~1\\Temp\\base.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\upxdn]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="upxdn"
"hkey"="HKLM"
"command"="C:\\DOCUME~1\\ADMINI~1.WOR\\LOCALS~1\\Temp\\upxdn.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\upxdnd]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="upxdnd"
"hkey"="HKLM"
"command"="C:\\DOCUME~1\\ADMINI~1.WOR\\LOCALS~1\\Temp\\upxdnd.exe"
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoVisualStyleChoice"=dword:00000000
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=dword:00000000
"NoResolveSearch"=dword:00000001
"NoRemoteRecursiveEvents"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeKeyboardNavigationIndicators"=dword:00000000
"NoSaveSettings"=dword:00000000
"NoSharedDocuments"=dword:00000001
"NoRecentDocsMenu"=dword:00000001
"ForceClassicControlPanel"=dword:00000001
"NoLowDiskSpaceChecks"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
bkvqtbf



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job


********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

? [684]
? [720]

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 2
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-03-18 21:52:50
C:\ComboFix2.txt ... 07-03-17 14:04

HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 9:57:46 PM, on 3/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
d:\Program Files\Logitech\MouseWare\system\em_exec.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...age=about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer by Cavalier Telephone, LLC
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [StarSkin] C:\PROGRAM FILES\ROCKET DIVISION SOFTWARE\STARSKIN\STARSKIN.EXE -H
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Zone Labs Client] "d:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = E:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{3517F20A-727D-47A9-BF5F-87A4C2004BA9}: NameServer = 64.83.1.10,209.137.160.3
O18 - Protocol: offline-8876480 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Thanks...

#8 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:07:29 PM

Posted 18 March 2007 - 09:27 PM

Hello Kofucius,

* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Doubleclick the drweb-cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found: Posted Image
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    Posted Image
    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously, along with a new HijackThis log in your next reply.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#9 Kofucius

Kofucius
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:29 PM

Posted 20 March 2007 - 05:49 PM

SifuMike,

Here you go (I deleted these files instead of moving them by accident):

qq.exe;c:\windows\system32;Probably BINARYRES;Incurable.Will be deleted after reboot.;
KVMonXP19.exe;C:\!KillBox;Trojan.DownLoader.19389;Deleted.;
SopAdver.exe;C:\Documents and Settings\Administrator.WORLD-M2QN4BSSN\Application Data\SopCast\adv;Adware.Sopcast;Incurable.Deleted.;
backup-20070310-230148-121.dll;C:\Program Files\HijackThis\backups;Adware.Borlander;Incurable.Deleted.;
user32100.dll;C:\Program Files\Internet Explorer;Trojan.DownLoader.19389;Deleted.;
user32101.dll;C:\Program Files\Internet Explorer;Trojan.DownLoader.19389;Deleted.;
user32102.dll;C:\Program Files\Internet Explorer;Trojan.DownLoader.19389;Deleted.;
user32103.dll;C:\Program Files\Internet Explorer;Trojan.DownLoader.19389;Deleted.;
user32104.dll;C:\Program Files\Internet Explorer;Trojan.DownLoader.19389;Deleted.;
user32105.dll;C:\Program Files\Internet Explorer;Trojan.DownLoader.19389;Deleted.;
user32106.dll;C:\Program Files\Internet Explorer;Trojan.DownLoader.19389;Deleted.;
user32107.dll;C:\Program Files\Internet Explorer;Trojan.DownLoader.19389;Deleted.;
user32108.dll;C:\Program Files\Internet Explorer;Trojan.DownLoader.19389;Deleted.;
user32109.dll;C:\Program Files\Internet Explorer;Trojan.DownLoader.19389;Deleted.;
user32110.dll;C:\Program Files\Internet Explorer;Trojan.DownLoader.19389;Deleted.;
user32111.dll;C:\Program Files\Internet Explorer;Trojan.DownLoader.19389;Deleted.;
user32112.dll;C:\Program Files\Internet Explorer;Trojan.DownLoader.19389;Deleted.;
user3291.dll;C:\Program Files\Internet Explorer;Trojan.DownLoader.19389;Deleted.;
user3293.dll;C:\Program Files\Internet Explorer;Trojan.DownLoader.19389;Deleted.;
user3295.dll;C:\Program Files\Internet Explorer;Trojan.DownLoader.19389;Deleted.;
user3296.dll;C:\Program Files\Internet Explorer;Trojan.DownLoader.19389;Deleted.;
user3297.dll;C:\Program Files\Internet Explorer;Trojan.DownLoader.19389;Deleted.;
user3298.dll;C:\Program Files\Internet Explorer;Trojan.DownLoader.19389;Deleted.;
user3299.dll;C:\Program Files\Internet Explorer;Trojan.DownLoader.19389;Deleted.;
mirc.exe;C:\Program Files\mIRC;Program.mIRC.612;Incurable.Deleted.;
RSEDNClient.exe;C:\Program Files\RSSoft;Adware.Redswoo;Incurable.Deleted.;
msm.exe;C:\WINDOWS;Trojan.PWS.Wsgame;Deleted.;
my.exe;C:\WINDOWS;Trojan.PWS.Wsgame;Deleted.;
qq.exe;C:\WINDOWS\system32;Probably BINARYRES;Incurable.Will be deleted after reboot.;
uinst_cp.exe;C:\WINNT\system32;Adware.CasProg;Incurable.Deleted.;
qq.exe;C:\WINDOWS\system32;Probably BINARYRES;Will be moved after reboot.;


HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 7:37:52 AM, on 3/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sstray.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
d:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
E:\Program Files\SpywareGuard\sgmain.exe
E:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...age=about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer by Cavalier Telephone, LLC
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [StarSkin] C:\PROGRAM FILES\ROCKET DIVISION SOFTWARE\STARSKIN\STARSKIN.EXE -H
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Zone Labs Client] "d:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = E:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{3517F20A-727D-47A9-BF5F-87A4C2004BA9}: NameServer = 64.83.1.10,209.137.160.3
O18 - Protocol: offline-8876480 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Thank you for everything!! My PC is even moving much faster than before.

#10 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:07:29 PM

Posted 20 March 2007 - 06:08 PM

Hi Kofucius,

Let's run one more scan to make sure the malware is gone. :thumbsup:

Download ATF (Atribune Temp File) Cleaner© by Atribune DO NOT run it yet.

Download and install AVG Anti-Spyware 7.5 (formerly Ewido)
This is a 30 day trial of the program

AVG Anti-Spyware is designed to be used to both scan for and remove malicious files and also to run in real-time alongside, but not replace, your existing anti-virus program to give an added layer of protection.
Both the Resident Shield and Automatic Updates will only be available for the thirty day trial period, after that AVG Anti-Spyware will revert to a stand-alone scanner which you can keep and manually update for free and use in a similar way to Ad-Aware SE Personal, Spybot S&D etc.


1. After download, double click on the file to launch the install process.
2. Choose a language, click "OK" and then click "Next".
3. Read the "License Agreement" and click "I Agree".
4. Accept the default installation path: C:\Program Files\AVG Anti-Spyware 7.5 and click "Next", then click "Install".
5. After setup completes, click "Finish" to start the program automatically or launch ewido by double-clicking its icon on your desktop or in the system tray.
6. The main "Status" menu will appear. You can select "Change state" to inactivate 'Resident Sheild' and 'Automatic Updates'. If you choose to do this, then right click on ewdio in the system tray and uncheck "Start with Windows".
7. Select the "Update" button and click "Start update". If you are having problems with the updater, manually update with the Ewido Full database installer from here.
8. Exit AVG Anti-Spyware 7.5 when done - DO NOT perform a scan yet.

Reboot your computer in "SAFE MODE" using the F8 method so Windows will start with minimal drivers and running processes.
To do this restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly.
A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

1.) Double-click the small BLUE Garbage Can ATF-Cleaner.exe file to run the program.
2.) At the top, under Main choose: Select All
3.) Click the Empty Selected button.

If you use the Firefox browser:
1.) At the top, click Firefox and choose: Select All
2.) Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use the Opera browser:
1.) At the top, click Opera and choose: Select All
2.) Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.


Scan with AVG Anti-Spyware 7.5 as follows:

1. Launch AVG Anti-Spyware 7.5, click on the "Scanner" button and choose the "Settings" tab.

Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.

Under "How to Scan?" check all (default).

Under "Possibly unwanted software" check all (default).

Under "What to Scan?" make sure "Scan every file" is selected (default).

Under "Reports" select "Automatically generate report after every scan" and UNcheck "Only if threats were found".

2. Click the "Scan" tab to return to scanning options.
3. Click "Complete System Scan" to start.

4. IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.

Make sure that Set all elements to: shows Quarantine
(1)
, if not click on the link and choose Quarantine from the popup menu.
(2) At the bottom of the window click on the Apply all Actions button.
(3) When done, click the Save Scan Report button.
(4) Click the Save Report as button.
Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt.
Save to your desktop.
A copy of each report will also be saved in C:\Program Files\AVG Anti-Spyware 7.5\Reports\
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.

Reboot to Normal Mode.

When done, submit the [b]AVG Anti-Spyware 7.5
log and a fresh Hijackthis log.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#11 Kofucius

Kofucius
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:29 PM

Posted 21 March 2007 - 05:23 PM

Good Evening SifuMike,


Here are the logs...

AVG:
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:01:10 PM 3/21/2007

+ Scan result:



C:\WINDOWS\system32\qq.dll -> Logger.Agent.pn : Cleaned with backup (quarantined).
E:\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer.zip/koferboy@bis.180solutions[2].txt -> TrackingCookie.180solutions : Cleaned.
:mozilla.118:E:\Spybot - Search & Destroy 1.1\Recovery\Mozilla5.zip/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.119:E:\Spybot - Search & Destroy 1.1\Recovery\Mozilla5.zip/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.128:E:\Spybot - Search & Destroy 1.1\Recovery\Mozilla2.zip/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.129:E:\Spybot - Search & Destroy 1.1\Recovery\Mozilla2.zip/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.152:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.153:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.154:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.155:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.156:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.157:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.158:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.159:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.15:C:\Documents and Settings\Administrator.WORLD-M2QN4BSSN\Application Data\Songbird\Profiles\sufe0nkd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.160:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.161:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.162:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.163:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.164:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.183:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.18:C:\Documents and Settings\Administrator.WORLD-M2QN4BSSN\Application Data\Songbird\Profiles\sufe0nkd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.200:C:\Documents and Settings\Kofi Boakye\Application Data\Phoenix\Profiles\default\gwaqrxy8.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.40:E:\Spybot - Search & Destroy 1.1\Recovery\Mozilla5.zip/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.41:E:\Spybot - Search & Destroy 1.1\Recovery\Mozilla5.zip/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.48:E:\Spybot - Search & Destroy 1.1\Recovery\Mozilla2.zip/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
:mozilla.49:E:\Spybot - Search & Destroy 1.1\Recovery\Mozilla2.zip/cookies.txt -> TrackingCookie.2o7 : Error during cleaning.
E:\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer.zip/koferboy@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.278:C:\Documents and Settings\Administrator.WORLD-M2QN4BSSN\Application Data\Mozilla\Firefox\Profiles\chn13d91.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.279:C:\Documents and Settings\Administrator.WORLD-M2QN4BSSN\Application Data\Mozilla\Firefox\Profiles\chn13d91.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.238:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.452:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Addynamix : Cleaned.
E:\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer.zip/koferboy@addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned.
E:\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer.zip/koferboy@addynamix[3].txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.601:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.13:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Admarketplace : Cleaned.
:mozilla.465:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Adobe : Cleaned.
E:\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer.zip/koferboy@www.adobe[1].txt -> TrackingCookie.Adobe : Cleaned.
E:\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer.zip/koferboy@www.adobe[3].txt -> TrackingCookie.Adobe : Cleaned.
E:\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer.zip/koferboy@adorigin[1].txt -> TrackingCookie.Adorigin : Cleaned.
E:\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer.zip/koferboy@ads.adorigin[1].txt -> TrackingCookie.Adorigin : Cleaned.
:mozilla.147:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.148:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.149:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.150:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.154:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.155:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.156:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.157:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.158:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.159:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.160:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.168:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.169:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.175:C:\Documents and Settings\Kofi Boakye\Application Data\Phoenix\Profiles\default\gwaqrxy8.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.176:C:\Documents and Settings\Kofi Boakye\Application Data\Phoenix\Profiles\default\gwaqrxy8.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.177:C:\Documents and Settings\Kofi Boakye\Application Data\Phoenix\Profiles\default\gwaqrxy8.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.178:C:\Documents and Settings\Kofi Boakye\Application Data\Phoenix\Profiles\default\gwaqrxy8.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.191:C:\Documents and Settings\Kofi Boakye\Application Data\Phoenix\Profiles\default\gwaqrxy8.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.208:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.221:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.645:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.661:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.676:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.694:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.700:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.711:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.71:C:\Documents and Settings\Administrator.WORLD-M2QN4BSSN\Application Data\Mozilla\Firefox\Profiles\chn13d91.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.72:C:\Documents and Settings\Administrator.WORLD-M2QN4BSSN\Application Data\Mozilla\Firefox\Profiles\chn13d91.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.73:C:\Documents and Settings\Administrator.WORLD-M2QN4BSSN\Application Data\Mozilla\Firefox\Profiles\chn13d91.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.74:C:\Documents and Settings\Administrator.WORLD-M2QN4BSSN\Application Data\Mozilla\Firefox\Profiles\chn13d91.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.75:C:\Documents and Settings\Administrator.WORLD-M2QN4BSSN\Application Data\Mozilla\Firefox\Profiles\chn13d91.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.76:C:\Documents and Settings\Administrator.WORLD-M2QN4BSSN\Application Data\Mozilla\Firefox\Profiles\chn13d91.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.104:C:\Documents and Settings\Kofi Boakye\Application Data\Phoenix\Profiles\default\gwaqrxy8.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.105:C:\Documents and Settings\Kofi Boakye\Application Data\Phoenix\Profiles\default\gwaqrxy8.slt\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.137:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.138:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.139:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.141:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.142:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.143:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.246:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.247:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.248:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.249:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.250:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.252:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.256:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.257:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.258:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Adserver : Cleaned.
E:\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer.zip/koferboy@z1.adserver[2].txt -> TrackingCookie.Adserver : Cleaned.
E:\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer4.zip/koferboy@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.47:E:\Spybot - Search & Destroy 1.1\Recovery\Mozilla5.zip/cookies.txt -> TrackingCookie.Adtech : Error during cleaning.
:mozilla.48:E:\Spybot - Search & Destroy 1.1\Recovery\Mozilla5.zip/cookies.txt -> TrackingCookie.Adtech : Error during cleaning.
:mozilla.543:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.544:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.55:E:\Spybot - Search & Destroy 1.1\Recovery\Mozilla2.zip/cookies.txt -> TrackingCookie.Adtech : Error during cleaning.
:mozilla.56:E:\Spybot - Search & Destroy 1.1\Recovery\Mozilla2.zip/cookies.txt -> TrackingCookie.Adtech : Error during cleaning.
:mozilla.75:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Profiles\default\czfxdjch.slt\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.76:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Profiles\default\czfxdjch.slt\cookies.txt -> TrackingCookie.Adtech : Cleaned.
E:\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer.zip/koferboy@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.100:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Profiles\default\czfxdjch.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.108:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Profiles\default\czfxdjch.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.10:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.110:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Profiles\default\czfxdjch.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.111:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Profiles\default\czfxdjch.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.112:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Profiles\default\czfxdjch.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.113:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Profiles\default\czfxdjch.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.114:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Profiles\default\czfxdjch.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.11:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.125:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Profiles\default\czfxdjch.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.12:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.13:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.14:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.15:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.16:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.17:C:\Documents and Settings\Administrator.WORLD-M2QN4BSSN\Application Data\Songbird\Profiles\sufe0nkd.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.17:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.18:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.19:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.20:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.21:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.22:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.23:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.23:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Profiles\default\czfxdjch.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.24:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.24:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Profiles\default\czfxdjch.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.25:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.26:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.26:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Profiles\default\czfxdjch.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.27:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.28:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.29:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.30:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.31:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.32:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.33:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.34:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.35:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.36:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.37:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.38:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.39:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.40:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.40:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.41:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.41:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.42:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.42:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.43:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.43:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.44:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.44:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.45:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.45:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.46:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.47:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.48:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.49:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.50:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.51:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.51:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.52:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.52:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.53:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.53:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.54:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.54:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.55:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.55:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.55:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Profiles\default\czfxdjch.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.56:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.56:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.56:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Profiles\default\czfxdjch.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.57:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.57:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.57:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Profiles\default\czfxdjch.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.58:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.58:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.59:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.60:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.61:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.61:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Profiles\default\czfxdjch.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.62:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.63:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.64:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.65:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.65:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Profiles\default\czfxdjch.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.66:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.66:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Profiles\default\czfxdjch.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.67:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.68:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.69:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.70:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.71:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.72:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.72:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Profiles\default\czfxdjch.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.73:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.73:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Profiles\default\czfxdjch.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.74:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.75:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.76:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.77:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.78:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.78:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Profiles\default\czfxdjch.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.79:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.7:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.80:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.81:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.81:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Profiles\default\czfxdjch.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.82:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.83:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.84:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.85:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.86:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.87:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.88:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.89:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.90:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.90:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Profiles\default\czfxdjch.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.91:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.91:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Profiles\default\czfxdjch.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.92:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.93:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.94:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.9:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Advertising : Cleaned.
E:\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom.zip/koferboy@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
E:\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom1.zip/koferboy@servedby.advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.165:E:\Spybot - Search & Destroy 1.1\Recovery\Mozilla5.zip/cookies.txt -> TrackingCookie.Adviva : Error during cleaning.
:mozilla.166:E:\Spybot - Search & Destroy 1.1\Recovery\Mozilla5.zip/cookies.txt -> TrackingCookie.Adviva : Error during cleaning.
:mozilla.429:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Adviva : Cleaned.
:mozilla.16:C:\Documents and Settings\Administrator.WORLD-M2QN4BSSN\Application Data\Songbird\Profiles\sufe0nkd.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.27:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Profiles\default\czfxdjch.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.29:E:\Spybot - Search & Destroy 1.1\Recovery\Mozilla5.zip/cookies.txt -> TrackingCookie.Atdmt : Error during cleaning.
:mozilla.50:C:\Documents and Settings\Kofi Boakye\Application Data\Phoenix\Profiles\default\gwaqrxy8.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.6:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.7:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.8:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.8:E:\Spybot - Search & Destroy 1.1\Recovery\Mozilla2.zip/cookies.txt -> TrackingCookie.Atdmt : Error during cleaning.
E:\Spybot - Search & Destroy 1.1\Recovery\AvenueAInc.zip/koferboy@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
E:\Spybot - Search & Destroy 1.1\Recovery\AvenueAInc1.zip/koferboy@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
E:\Spybot - Search & Destroy 1.1\Recovery\AvenueAInc2.zip/koferboy@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
E:\Spybot - Search & Destroy 1.1\Recovery\AvenueAInc3.zip/koferboy@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
E:\Spybot - Search & Destroy 1.1\Recovery\AvenueAInc4.zip/koferboy@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.429:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Bfast : Cleaned.
E:\Spybot - Search & Destroy 1.1\Recovery\BFast.zip/koferboy@bfast[2].txt -> TrackingCookie.Bfast : Cleaned.
E:\Spybot - Search & Destroy 1.1\Recovery\BFast1.zip/koferboy@bfast[2].txt -> TrackingCookie.Bfast : Cleaned.
E:\Spybot - Search & Destroy 1.1\Recovery\BFast2.zip/koferboy@bfast[1].txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.351:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.423:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.71:E:\Spybot - Search & Destroy 1.1\Recovery\Mozilla5.zip/cookies.txt -> TrackingCookie.Bluestreak : Error during cleaning.
:mozilla.79:E:\Spybot - Search & Destroy 1.1\Recovery\Mozilla2.zip/cookies.txt -> TrackingCookie.Bluestreak : Error during cleaning.
E:\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer.zip/koferboy@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.36:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.37:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.38:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.39:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.643:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.644:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.200:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.209:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.25:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Profiles\default\czfxdjch.slt\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.195:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.196:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.213:C:\Documents and Settings\Administrator.WORLD-M2QN4BSSN\Application Data\Mozilla\Firefox\Profiles\chn13d91.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.79:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.80:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.154:C:\Documents and Settings\Administrator.WORLD-M2QN4BSSN\Application Data\Mozilla\Firefox\Profiles\chn13d91.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.155:C:\Documents and Settings\Administrator.WORLD-M2QN4BSSN\Application Data\Mozilla\Firefox\Profiles\chn13d91.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.156:C:\Documents and Settings\Administrator.WORLD-M2QN4BSSN\Application Data\Mozilla\Firefox\Profiles\chn13d91.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.157:C:\Documents and Settings\Administrator.WORLD-M2QN4BSSN\Application Data\Mozilla\Firefox\Profiles\chn13d91.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.158:C:\Documents and Settings\Administrator.WORLD-M2QN4BSSN\Application Data\Mozilla\Firefox\Profiles\chn13d91.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.205:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.206:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.207:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.208:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.20:C:\Documents and Settings\Kofi Boakye\Application Data\Phoenix\Profiles\default\gwaqrxy8.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.21:C:\Documents and Settings\Kofi Boakye\Application Data\Phoenix\Profiles\default\gwaqrxy8.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.27:C:\Documents and Settings\Kofi Boakye\Application Data\Phoenix\Profiles\default\gwaqrxy8.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.28:C:\Documents and Settings\Kofi Boakye\Application Data\Phoenix\Profiles\default\gwaqrxy8.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.29:C:\Documents and Settings\Kofi Boakye\Application Data\Phoenix\Profiles\default\gwaqrxy8.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.42:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Profiles\default\czfxdjch.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.43:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Profiles\default\czfxdjch.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.44:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Profiles\default\czfxdjch.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.46:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.47:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.48:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.49:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.50:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.190:C:\Documents and Settings\Kofi Boakye\Application Data\Phoenix\Profiles\default\gwaqrxy8.slt\cookies.txt -> TrackingCookie.Centrport : Cleaned.
:mozilla.278:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Centrport : Cleaned.
:mozilla.279:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Centrport : Cleaned.
:mozilla.280:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Centrport : Cleaned.
:mozilla.281:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Centrport : Cleaned.
:mozilla.317:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Centrport : Cleaned.
:mozilla.318:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Centrport : Cleaned.
E:\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer.zip/koferboy@centrport[2].txt -> TrackingCookie.Centrport : Cleaned.
E:\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer4.zip/koferboy@centrport[1].txt -> TrackingCookie.Centrport : Cleaned.
:mozilla.628:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Clickagents : Cleaned.
:mozilla.629:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Clickagents : Cleaned.
:mozilla.630:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Clickagents : Cleaned.
:mozilla.631:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Clickagents : Cleaned.
:mozilla.632:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Clickagents : Cleaned.
:mozilla.633:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Clickagents : Cleaned.
:mozilla.625:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.158:E:\Spybot - Search & Destroy 1.1\Recovery\Mozilla5.zip/cookies.txt -> TrackingCookie.Com : Error during cleaning.
:mozilla.159:E:\Spybot - Search & Destroy 1.1\Recovery\Mozilla5.zip/cookies.txt -> TrackingCookie.Com : Error during cleaning.
:mozilla.174:E:\Spybot - Search & Destroy 1.1\Recovery\Mozilla2.zip/cookies.txt -> TrackingCookie.Com : Error during cleaning.
:mozilla.175:E:\Spybot - Search & Destroy 1.1\Recovery\Mozilla2.zip/cookies.txt -> TrackingCookie.Com : Error during cleaning.
:mozilla.179:C:\Documents and Settings\Kofi Boakye\Application Data\Phoenix\Profiles\default\gwaqrxy8.slt\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.180:C:\Documents and Settings\Kofi Boakye\Application Data\Phoenix\Profiles\default\gwaqrxy8.slt\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.214:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Com : Cleaned.
:mozilla.215:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Com : Cleaned.
:mozilla.266:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.267:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.30:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Profiles\default\czfxdjch.slt\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.48:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Profiles\default\czfxdjch.slt\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.97:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Profiles\default\czfxdjch.slt\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.98:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Profiles\default\czfxdjch.slt\cookies.txt -> TrackingCookie.Com : Cleaned.
E:\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer.zip/koferboy@com[1].txt -> TrackingCookie.Com : Cleaned.
E:\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer.zip/koferboy@com[2].txt -> TrackingCookie.Com : Cleaned.
:mozilla.262:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.322:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Coremetrics : Cleaned.
E:\Spybot - Search & Destroy 1.1\Recovery\CoreMetrics.zip/koferboy@data.coremetrics[2].txt -> TrackingCookie.Coremetrics : Cleaned.
E:\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer.zip/koferboy@bilbo.co

#12 Kofucius

Kofucius
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:29 PM

Posted 21 March 2007 - 05:24 PM

Logfile of HijackThis v1.99.1
Scan saved at 6:15:18 PM, on 3/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
d:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...age=about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer by Cavalier Telephone, LLC
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [StarSkin] C:\PROGRAM FILES\ROCKET DIVISION SOFTWARE\STARSKIN\STARSKIN.EXE -H
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Zone Labs Client] "d:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{3517F20A-727D-47A9-BF5F-87A4C2004BA9}: NameServer = 64.83.1.10,209.137.160.3
O18 - Protocol: offline-8876480 - {F13F653A-5680-43D8-B9A0-680BF7054AD3} - d:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Thanks

#13 Kofucius

Kofucius
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:29 PM

Posted 21 March 2007 - 05:27 PM

Sorry I cut off the AVG report incorrectly:

:mozilla.216:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Netflame : Cleaned.
E:\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer.zip/koferboy@overture[2].txt -> TrackingCookie.Overture : Cleaned.
:mozilla.103:E:\Spybot - Search & Destroy 1.1\Recovery\Mozilla2.zip/cookies.txt -> TrackingCookie.Oxcash : Error during cleaning.
:mozilla.104:E:\Spybot - Search & Destroy 1.1\Recovery\Mozilla2.zip/cookies.txt -> TrackingCookie.Oxcash : Error during cleaning.
:mozilla.105:E:\Spybot - Search & Destroy 1.1\Recovery\Mozilla2.zip/cookies.txt -> TrackingCookie.Oxcash : Error during cleaning.
:mozilla.106:E:\Spybot - Search & Destroy 1.1\Recovery\Mozilla2.zip/cookies.txt -> TrackingCookie.Oxcash : Error during cleaning.
:mozilla.107:E:\Spybot - Search & Destroy 1.1\Recovery\Mozilla2.zip/cookies.txt -> TrackingCookie.Oxcash : Error during cleaning.
:mozilla.94:E:\Spybot - Search & Destroy 1.1\Recovery\Mozilla5.zip/cookies.txt -> TrackingCookie.Oxcash : Error during cleaning.
:mozilla.95:E:\Spybot - Search & Destroy 1.1\Recovery\Mozilla5.zip/cookies.txt -> TrackingCookie.Oxcash : Error during cleaning.
:mozilla.96:E:\Spybot - Search & Destroy 1.1\Recovery\Mozilla5.zip/cookies.txt -> TrackingCookie.Oxcash : Error during cleaning.
:mozilla.97:E:\Spybot - Search & Destroy 1.1\Recovery\Mozilla5.zip/cookies.txt -> TrackingCookie.Oxcash : Error during cleaning.
E:\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer.zip/koferboy@paycounter[1].txt -> TrackingCookie.Paycounter : Cleaned.
:mozilla.237:C:\Documents and Settings\Administrator.WORLD-M2QN4BSSN\Application Data\Mozilla\Firefox\Profiles\chn13d91.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.27:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.291:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.52:E:\Spybot - Search & Destroy 1.1\Recovery\Mozilla5.zip/cookies.txt -> TrackingCookie.Paypal : Error during cleaning.
:mozilla.60:E:\Spybot - Search & Destroy 1.1\Recovery\Mozilla2.zip/cookies.txt -> TrackingCookie.Paypal : Error during cleaning.
:mozilla.9:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Profiles\default\czfxdjch.slt\cookies.txt -> TrackingCookie.Paypal : Cleaned.
E:\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer.zip/koferboy@www.paypal[1].txt -> TrackingCookie.Paypal : Cleaned.
E:\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer.zip/koferboy@www.paypal[2].txt -> TrackingCookie.Paypal : Cleaned.
E:\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer4.zip/koferboy@www.paypal[1].txt -> TrackingCookie.Paypal : Cleaned.
E:\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer.zip/koferboy@www.paypopup[1].txt -> TrackingCookie.Paypopup : Cleaned.
:mozilla.10:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.11:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.651:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.652:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.653:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.9:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.186:E:\Spybot - Search & Destroy 1.1\Recovery\Mozilla5.zip/cookies.txt -> TrackingCookie.Popupsponsor : Error during cleaning.
:mozilla.187:E:\Spybot - Search & Destroy 1.1\Recovery\Mozilla5.zip/cookies.txt -> TrackingCookie.Popupsponsor : Error during cleaning.
:mozilla.206:E:\Spybot - Search & Destroy 1.1\Recovery\Mozilla5.zip/cookies.txt -> TrackingCookie.Popupsponsor : Error during cleaning.
:mozilla.207:E:\Spybot - Search & Destroy 1.1\Recovery\Mozilla5.zip/cookies.txt -> TrackingCookie.Popupsponsor : Error during cleaning.
:mozilla.63:E:\Spybot - Search & Destroy 1.1\Recovery\Mozilla5.zip/cookies.txt -> TrackingCookie.Popupsponsor : Error during cleaning.
:mozilla.71:E:\Spybot - Search & Destroy 1.1\Recovery\Mozilla2.zip/cookies.txt -> TrackingCookie.Popupsponsor : Error during cleaning.
:mozilla.28:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Profiles\default\czfxdjch.slt\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.156:C:\Documents and Settings\Kofi Boakye\Application Data\Phoenix\Profiles\default\gwaqrxy8.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.202:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.319:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.31:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Profiles\default\czfxdjch.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.32:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Profiles\default\czfxdjch.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
E:\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer.zip/koferboy@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
E:\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer.zip/koferboy@questionmarket[3].txt -> TrackingCookie.Questionmarket : Cleaned.
E:\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer4.zip/koferboy@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
E:\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer.zip/koferboy@real[1].txt -> TrackingCookie.Real : Cleaned.
E:\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer.zip/koferboy@realguide.real[1].txt -> TrackingCookie.Real : Cleaned.
E:\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer4.zip/koferboy@real[1].txt -> TrackingCookie.Real : Cleaned.
E:\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer4.zip/koferboy@real[2].txt -> TrackingCookie.Real : Cleaned.
:mozilla.731:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Realcastmedia : Cleaned.
:mozilla.104:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.105:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.106:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.107:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.108:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.109:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.111:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.112:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.113:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.114:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.145:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.146:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.22:C:\Documents and Settings\Administrator.WORLD-M2QN4BSSN\Application Data\Mozilla\Firefox\Profiles\chn13d91.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.23:C:\Documents and Settings\Administrator.WORLD-M2QN4BSSN\Application Data\Mozilla\Firefox\Profiles\chn13d91.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.74:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Profiles\default\czfxdjch.slt\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.77:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Profiles\default\czfxdjch.slt\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.79:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Profiles\default\czfxdjch.slt\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.80:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Profiles\default\czfxdjch.slt\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
E:\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer.zip/koferboy@oas-central.realmedia[2].txt -> TrackingCookie.Realmedia : Cleaned.
E:\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer.zip/koferboy@realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.
E:\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer.zip/koferboy@realmedia[3].txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.60:C:\Documents and Settings\Kofi Boakye\Application Data\Phoenix\Profiles\default\gwaqrxy8.slt\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.22:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Profiles\default\czfxdjch.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.29:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Profiles\default\czfxdjch.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.616:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.617:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.618:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.619:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.94:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Profiles\default\czfxdjch.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
E:\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer.zip/koferboy@ru4[1].txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.216:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.217:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.218:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.219:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.220:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.25:C:\Documents and Settings\Administrator.WORLD-M2QN4BSSN\Application Data\Mozilla\Firefox\Profiles\chn13d91.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.26:C:\Documents and Settings\Administrator.WORLD-M2QN4BSSN\Application Data\Mozilla\Firefox\Profiles\chn13d91.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.27:C:\Documents and Settings\Administrator.WORLD-M2QN4BSSN\Application Data\Mozilla\Firefox\Profiles\chn13d91.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.28:C:\Documents and Settings\Administrator.WORLD-M2QN4BSSN\Application Data\Mozilla\Firefox\Profiles\chn13d91.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.29:C:\Documents and Settings\Administrator.WORLD-M2QN4BSSN\Application Data\Mozilla\Firefox\Profiles\chn13d91.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.32:C:\Documents and Settings\Administrator.WORLD-M2QN4BSSN\Application Data\Mozilla\Firefox\Profiles\chn13d91.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.33:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Profiles\default\czfxdjch.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.34:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Profiles\default\czfxdjch.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.35:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Profiles\default\czfxdjch.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.36:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Profiles\default\czfxdjch.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.37:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Profiles\default\czfxdjch.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.646:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.647:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.648:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.649:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Serving-sys : Cleaned.
E:\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer.zip/koferboy@c.sexcounter[1].txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.344:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.345:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.346:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.347:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.76:E:\Spybot - Search & Destroy 1.1\Recovery\Mozilla5.zip/cookies.txt -> TrackingCookie.Specificpop : Error during cleaning.
:mozilla.77:E:\Spybot - Search & Destroy 1.1\Recovery\Mozilla5.zip/cookies.txt -> TrackingCookie.Specificpop : Error during cleaning.
:mozilla.84:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Profiles\default\czfxdjch.slt\cookies.txt -> TrackingCookie.Specificpop : Cleaned.
:mozilla.84:E:\Spybot - Search & Destroy 1.1\Recovery\Mozilla2.zip/cookies.txt -> TrackingCookie.Specificpop : Error during cleaning.
:mozilla.85:E:\Spybot - Search & Destroy 1.1\Recovery\Mozilla2.zip/cookies.txt -> TrackingCookie.Specificpop : Error during cleaning.
E:\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer.zip/koferboy@spylog[2].txt -> TrackingCookie.Spylog : Cleaned.
:mozilla.581:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.582:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Starware : Cleaned.
:mozilla.18:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.20:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.356:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.357:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.358:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.197:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.198:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.199:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.201:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.108:C:\Documents and Settings\Kofi Boakye\Application Data\Phoenix\Profiles\default\gwaqrxy8.slt\cookies.txt -> TrackingCookie.Targetnet : Cleaned.
:mozilla.109:C:\Documents and Settings\Kofi Boakye\Application Data\Phoenix\Profiles\default\gwaqrxy8.slt\cookies.txt -> TrackingCookie.Targetnet : Cleaned.
:mozilla.110:C:\Documents and Settings\Kofi Boakye\Application Data\Phoenix\Profiles\default\gwaqrxy8.slt\cookies.txt -> TrackingCookie.Targetnet : Cleaned.
:mozilla.172:E:\Spybot - Search & Destroy 1.1\Recovery\Mozilla2.zip/cookies.txt -> TrackingCookie.Targetnet : Error during cleaning.
:mozilla.173:E:\Spybot - Search & Destroy 1.1\Recovery\Mozilla2.zip/cookies.txt -> TrackingCookie.Targetnet : Error during cleaning.
:mozilla.19:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Profiles\default\czfxdjch.slt\cookies.txt -> TrackingCookie.Targetnet : Cleaned.
:mozilla.421:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned.
:mozilla.460:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Targetnet : Cleaned.
:mozilla.62:E:\Spybot - Search & Destroy 1.1\Recovery\Mozilla5.zip/cookies.txt -> TrackingCookie.Targetnet : Error during cleaning.
:mozilla.70:E:\Spybot - Search & Destroy 1.1\Recovery\Mozilla2.zip/cookies.txt -> TrackingCookie.Targetnet : Error during cleaning.
E:\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer.zip/koferboy@targetnet[2].txt -> TrackingCookie.Targetnet : Cleaned.
:mozilla.102:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Profiles\default\czfxdjch.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.103:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Profiles\default\czfxdjch.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.104:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Profiles\default\czfxdjch.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.105:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Profiles\default\czfxdjch.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.106:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Profiles\default\czfxdjch.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.107:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Profiles\default\czfxdjch.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.113:C:\Documents and Settings\Kofi Boakye\Application Data\Phoenix\Profiles\default\gwaqrxy8.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.114:C:\Documents and Settings\Kofi Boakye\Application Data\Phoenix\Profiles\default\gwaqrxy8.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.115:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Profiles\default\czfxdjch.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.115:C:\Documents and Settings\Kofi Boakye\Application Data\Phoenix\Profiles\default\gwaqrxy8.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.116:C:\Documents and Settings\Kofi Boakye\Application Data\Phoenix\Profiles\default\gwaqrxy8.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.117:C:\Documents and Settings\Kofi Boakye\Application Data\Phoenix\Profiles\default\gwaqrxy8.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.118:C:\Documents and Settings\Kofi Boakye\Application Data\Phoenix\Profiles\default\gwaqrxy8.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.137:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Profiles\default\czfxdjch.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.186:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.187:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.188:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.189:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.190:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.71:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Profiles\default\czfxdjch.slt\cookies.txt -> TrackingCookie.Trafic : Cleaned.
:mozilla.192:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.193:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.194:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.22:C:\Documents and Settings\Kofi Boakye\Application Data\Phoenix\Profiles\default\gwaqrxy8.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.23:C:\Documents and Settings\Kofi Boakye\Application Data\Phoenix\Profiles\default\gwaqrxy8.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.24:C:\Documents and Settings\Kofi Boakye\Application Data\Phoenix\Profiles\default\gwaqrxy8.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.25:C:\Documents and Settings\Kofi Boakye\Application Data\Phoenix\Profiles\default\gwaqrxy8.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.26:C:\Documents and Settings\Kofi Boakye\Application Data\Phoenix\Profiles\default\gwaqrxy8.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.49:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Profiles\default\czfxdjch.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.54:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Profiles\default\czfxdjch.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.59:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.60:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Tribalfusion : Cleaned.
E:\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer.zip/koferboy@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.23:E:\Spybot - Search & Destroy 1.1\Recovery\Mozilla5.zip/cookies.txt -> TrackingCookie.Valuead : Error during cleaning.
:mozilla.31:E:\Spybot - Search & Destroy 1.1\Recovery\Mozilla2.zip/cookies.txt -> TrackingCookie.Valuead : Error during cleaning.
E:\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer.zip/koferboy@servedfor.valuead[1].txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.20:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Profiles\default\czfxdjch.slt\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.21:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Profiles\default\czfxdjch.slt\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.30:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.31:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.49:C:\Documents and Settings\Kofi Boakye\Application Data\Phoenix\Profiles\default\gwaqrxy8.slt\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.76:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.77:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.78:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Valueclick : Cleaned.
E:\Spybot - Search & Destroy 1.1\Recovery\ValueClick.zip/koferboy@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.83:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.84:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Webtrendslive : Cleaned.
E:\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer.zip/koferboy@bins.wfix[1].txt -> TrackingCookie.Wfix : Cleaned.
E:\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer.zip/koferboy@www.wfix[1].txt -> TrackingCookie.Wfix : Cleaned.
:mozilla.114:C:\Documents and Settings\Administrator.WORLD-M2QN4BSSN\Application Data\Mozilla\Firefox\Profiles\chn13d91.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.144:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.147:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.148:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.149:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.150:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.120:C:\Documents and Settings\Kofi Boakye\Application Data\Phoenix\Profiles\default\gwaqrxy8.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.121:C:\Documents and Settings\Kofi Boakye\Application Data\Phoenix\Profiles\default\gwaqrxy8.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.122:C:\Documents and Settings\Kofi Boakye\Application Data\Phoenix\Profiles\default\gwaqrxy8.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.123:C:\Documents and Settings\Kofi Boakye\Application Data\Phoenix\Profiles\default\gwaqrxy8.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.124:C:\Documents and Settings\Kofi Boakye\Application Data\Phoenix\Profiles\default\gwaqrxy8.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.153:C:\Documents and Settings\Administrator.WORLD-M2QN4BSSN\Application Data\Mozilla\Firefox\Profiles\chn13d91.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.279:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.311:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.312:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.313:C:\Documents and Settings\Kofi Boakye\Application Data\Mozilla\Firefox\Profiles\p96t4mmo.default\cookies-1.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.68:C:\Documents and Settings\Administrator.WORLD-M2QN4BSSN\Application Data\Mozilla\Firefox\Profiles\chn13d91.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.69:C:\Documents and Settings\Administrator.WORLD-M2QN4BSSN\Application Data\Mozilla\Firefox\Profiles\chn13d91.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.70:C:\Documents and Settings\Administrator.WORLD-M2QN4BSSN\Application Data\Mozilla\Firefox\Profiles\chn13d91.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
E:\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer.zip/koferboy@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Administrator.WORLD-M2QN4BSSN\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{0F1B08BC-AB6A-4CF1-BF41-3520F78407F6} -> Trojan.Qhost.kf : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator.WORLD-M2QN4BSSN\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{A0415331-8473-4686-80C1-9BD75AD3561B} -> Trojan.Qhost.kf : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator.WORLD-M2QN4BSSN\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{D380DD4C-EB96-4E89-9F28-361682C91A90} -> Trojan.Qhost.kf : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator.WORLD-M2QN4BSSN\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{EB208C92-EC5D-4D5E-AAE1-B21CED955DB6} -> Trojan.Qhost.kf : Cleaned with backup (quarantined).
C:\WINDOWS\hosts.dat -> Trojan.Qhost.kf : Cleaned with backup (quarantined).


::Report end

#14 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:07:29 PM

Posted 21 March 2007 - 08:46 PM

Hi Kofucius,

Your log looks clean! :thumbsup: How is your computer running? :flowers:

Let's reset you files so they are hidden and protected.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading deselect Show hidden files and folders.
Check the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK

Let's clean your System Restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows.
The files in System Restore are protected to prevent any programs from changing those files.
This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

1. Turn off System Restore.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK

2. Restart your computer.

3. Turn ON System Restore.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.
NOTE: only do this ONCE, NOT on a regular basis

System Restore will now be active again.



Please read and follow How did I get infected?, With steps so it does not happen again!
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#15 Kofucius

Kofucius
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:29 PM

Posted 22 March 2007 - 04:59 PM

thank you so much




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users