Trojan Horse Help!


  • This topic is locked
16 replies to this topic

#1 bonggor

Posted 27 May 2007 - 02:40 PM

I got trojan horse popping in auto-protect results every few minutes or even seconds. :thumbsup:

How do I get rid of it? I tried a lot of programs and I don't think any of them worked.
I'll post my HJT log for you guys. Please help!! ><

------HJT--------

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 下午 03:38:01, on 2007/5/27
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\mom.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Leslie Chung\Desktop\Anti_Viruses\HiJackThis_v2.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\RunOnce: [Trojan Remover] "C:\Program Files\Trojan Remover\RMVTRJAN.EXE" /restart
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Adobe Systems - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager ccSetMgrProtectedStorage (ccSetMgrProtectedStorage) - Symantec Corporation - (no file)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 8944 bytes

Moved from the XP Forum. ~acklan~

Edited by acklan, 27 May 2007 - 04:45 PM.


#2 SifuMike

Posted 27 May 2007 - 09:20 PM

Hi bonggor,

I am not seeing much malware in your log, so let's run some scans and see what they find. :flowers:


Download ATF (Atribune Temp File) Cleaner by Atribune. DO NOT run it yet.

Download and install AVG Anti-Spyware 7.5 (formerly Ewido)
This is a 30 day trial of the program

AVG Anti-Spyware is designed to be used to both scan for and remove malicious files and also to run in real-time alongside, but not replace, your existing anti-virus program to give an added layer of protection.
Both the Resident Shield and Automatic Updates will only be available for the thirty day trial period, after that AVG Anti-Spyware will revert to a stand-alone scanner which you can keep and manually update for free and use in a similar way to Ad-Aware SE Personal, Spybot S&D etc.


1. After download, double click on the file to launch the install process.
2. Choose a language, click "OK" and then click "Next".
3. Read the "License Agreement" and click "I Agree".
4. Accept the default installation path: C:\Program Files\AVG Anti-Spyware 7.5 and click "Next", then click "Install".
5. After setup completes, click "Finish" to start the program automatically or launch ewido by double-clicking its icon on your desktop or in the system tray.
6. The main "Status" menu will appear. You can select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'. If you choose to do this, then right click on AVG antispyware in the system tray and uncheck "Start with Windows".
7. Select the "Update" button and click "Start update".
If you are having problems with the updater, manually update with the AVG Antispyware Full database installer from here.
8. Exit AVG Anti-Spyware 7.5 when done - DO NOT perform a scan yet.

Reboot your computer in "SAFE MODE" using the F8 method so Windows will start with minimal drivers and running processes.
To do this restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly.
A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

1.) Double-click the small BLUE Garbage Can ATF-Cleaner.exe file to run the program.
2.) At the top, under Main choose: Select All
3.) Click the Empty Selected button.

If you use the Firefox browser:
1.) At the top, click Firefox and choose: Select All
2.) Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use the Opera browser:
1.) At the top, click Opera and choose: Select All
2.) Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.


Scan with AVG Anti-Spyware 7.5 as follows:

1. Launch AVG Anti-Spyware 7.5, click on the "Scanner" button and choose the "Settings" tab.

Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.

Under "How to Scan?" check all (default).

Under "Possibly unwanted software" check all (default).

Under "What to Scan?" make sure "Scan every file" is selected (default).

Under "Reports" select "Automatically generate report after every scan" and UNcheck "Only if threats were found".

2. Click the "Scan" tab to return to scanning options.
3. Click "Complete System Scan" to start.

4. IMPORTANT: Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.

(1) Make sure that Set all elements to: shows Quarantine, if not click on the link and choose Quarantine from the popup menu.
(2) At the bottom of the window click on the Apply all Actions button.
(3) When done, click the Save Scan Report button.
(4) Click the Save Report as button.
Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt.
Save to your desktop.
A copy of each report will also be saved in C:\Program Files\AVG Anti-Spyware 7.5\Reports\
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.

Reboot to Normal Mode.

***********************



1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.
Disable script blocking if you have Norton Antivirus installed so it will not interfere with the fix.

To disable Norton AntiVirus Script Blocking
Start Norton AntiVirus. If Norton AntiVirus is installed as part of Norton SystemWorks or Norton Internet Security, then start that program.
Click Options. If you see a menu, click Norton AntiVirus.
In the left pane, click Script Blocking.
In the right pane, uncheck Enable Script Blocking (recommended).
Click OK

Trojan Hunter has been reported to detect combofix as Worm.Qiv.100.

***********************

You posted a Hijackthis that is run from a beta version of Hijackthis. This version still has bugs in it so we do not use it. :thumbsup:

Please delete that Beta version and download the latest version from the following link:

HijackThis Download Site with installer
Just click on Hijackthis_sfx.exe file that you downloaded.
A WinZip self extractor screen appears with the default location of C:\Program Files\Hijackthis.
Then press the Unzip button. Then close the Self-Extractor window.

Using My Computer/Windows Explorer, navigate to C:\Program Files\HijackThis and double click on HijackThis.exe to run it.

If you would like to make a shortcut for your Desktop so it's more easily accessible, right click HijackThis.exe and choose Send To > Desktop (create shortcut).

Please run the extracted HijackThis.exe from now on.

I got trojan horse popping in auto-protect results every few minutes or even seconds

What trojan horse is it? Does it give a location?
Which program is finding it?


When done, submit the ComboFix log, the AVG Anti-Spyware 7.5 log and a fresh Hijackthis log.

Edited by SifuMike, 27 May 2007 - 09:33 PM.


#3 bonggor

Posted 28 May 2007 - 01:23 AM

The file is located in C:/WINDOWS/TEMP
Norton detected the virus. :thumbsup:

The Auto-protection results screen kept popping out every few minutes. It gets very annoying and all the names for the virus are "Trojan Horses". They're all Quarantined but they kept coming back with a different # file name, i.e. 456789.exe~, 984234.exe~ etc...
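
The symptom in the post above (detections quarantined, then reappearing in the same folder under new numeric names) points to something still running that re-creates the files, which is why removing the quarantined copies alone does not end the alerts. An added example, not part of the original thread, that flags this pattern in a list of detection events; the pipe-delimited event layout, the timestamps and the file names other than the two quoted in the post are constructed for illustration and are not a real Norton export format.

```python
"""Flag 'quarantined but keeps coming back' bursts in AV detection events."""
import ntpath  # Windows path semantics regardless of the analyst's OS
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in an assumed layout: time|path|threat|action
SAMPLE_EVENTS = r"""
2007-05-27 18:40:00|D:\Downloads\setup_old.exe|Adware.Sample|Quarantined
2007-05-28 01:02:10|C:\WINDOWS\TEMP\456789.exe~|Trojan Horse|Quarantined
2007-05-28 01:05:42|C:\WINDOWS\TEMP\984234.exe~|Trojan Horse|Quarantined
2007-05-28 01:09:03|C:/WINDOWS/TEMP/120077.exe~|Trojan Horse|Quarantined
2007-05-28 01:12:30|C:\WINDOWS\Temp\730915.exe~|Trojan Horse|Quarantined
"""

# File names that are only digits plus an executable-style extension
RANDOM_NAME = re.compile(r"^\d{4,}\.(exe|dll|tmp)~?$", re.IGNORECASE)
REMEDIATED = {"quarantined", "deleted"}


def parse_events(text):
    """Return (time, directory, filename, threat, action) tuples, oldest first."""
    events = []
    for line in text.splitlines():
        parts = [p.strip() for p in line.split("|")]
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        when = datetime.strptime(parts[0], "%Y-%m-%d %H:%M:%S")
        path = ntpath.normpath(parts[1])  # also turns '/' into '\'
        events.append((when,
                       ntpath.dirname(path).lower(),   # NTFS is case-insensitive
                       ntpath.basename(path).lower(),
                       parts[2], parts[3]))
    return sorted(events)


def find_redrop_bursts(events, window=timedelta(minutes=10), min_files=3):
    """Find runs of detections in one directory, for one threat name, where
    each hit follows the previous one within `window` and at least
    `min_files` different file names are involved."""
    by_key = defaultdict(list)
    for when, directory, name, threat, action in events:
        by_key[(directory, threat)].append((when, name, action))

    findings = []
    for (directory, threat), hits in by_key.items():
        burst = [hits[0]]
        # The trailing None forces the last burst to be evaluated.
        for hit in hits[1:] + [None]:
            if hit is not None and hit[0] - burst[-1][0] <= window:
                burst.append(hit)
                continue
            names = {name for _, name, _ in burst}
            if len(names) >= min_files:
                findings.append({
                    "directory": directory,
                    "threat": threat,
                    "distinct_files": len(names),
                    "first_seen": burst[0][0],
                    "last_seen": burst[-1][0],
                    # Digit-only names suggest generated, throwaway files
                    "random_names": all(bool(RANDOM_NAME.match(n)) for n in names),
                    # True when the AV acted on every hit yet hits continued
                    "all_remediated": all(a.lower() in REMEDIATED
                                          for _, _, a in burst),
                })
            if hit is not None:
                burst = [hit]
    return findings


if __name__ == "__main__":
    for f in find_redrop_bursts(parse_events(SAMPLE_EVENTS)):
        print("{directory}: {distinct_files} files flagged as {threat} between "
              "{first_seen} and {last_seen}".format(**f))
```

A burst with `all_remediated` set is the case to escalate: the scanner is cleaning up the dropped files, not whatever writes them.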

#4 bonggor

Posted 28 May 2007 - 02:27 AM

OK, here are my new log files as you had requested:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 上午 03:09:23 2007/5/28

+ Scan result:



F:\Documents and Settings\bon\Local Settings\Temporary Internet Files\Content.IE5\BOGKOD86\d[1].gif -> Adware.LinkOptimizer : Cleaned with backup (quarantined).
F:\WINDOWS\system32\ld636D.tmp -> Downloader.Zlob.bv : Cleaned with backup (quarantined).
F:\WINDOWS\system32\mscornet.exe -> Downloader.Zlob.bv : Cleaned with backup (quarantined).
F:\WINDOWS\system32\hp27D3.tmp -> Downloader.Zlob.dk : Cleaned with backup (quarantined).
F:\WINDOWS\system32\hp636D.tmp -> Downloader.Zlob.dk : Cleaned with backup (quarantined).
F:\WINDOWS\system32\msvol.tlb -> Downloader.Zlob.dk : Cleaned with backup (quarantined).
F:\WINDOWS\system32\nvctrl.exe -> Downloader.Zlob.dk : Cleaned with backup (quarantined).
G:\Cqmacro.zip/Cqmacro/HOOK.DLL -> Logger.Hookey.b : Cleaned with backup (quarantined).
G:\Old E Drive\Application\Cqmacro.zip/Cqmacro/HOOK.DLL -> Logger.Hookey.b : Cleaned with backup (quarantined).
F:\Documents and Settings\bon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-1e6acb2d-4ac5e601.zip/Dummy.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned with backup (quarantined).
F:\Documents and Settings\bon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-32bbcb4e-14806a76.zip/Dummy.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned with backup (quarantined).
F:\Documents and Settings\bon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-53d9ab96-33704476.zip/Dummy.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned with backup (quarantined).
F:\Documents and Settings\bon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-5b75045d-256135f5.zip/Dummy.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned with backup (quarantined).
F:\Documents and Settings\bon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-642c1db8-49adf6c4.zip/Dummy.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned with backup (quarantined).
F:\Documents and Settings\bon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-680389e7-68b2bf71.zip/Dummy.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned with backup (quarantined).
G:\My Documents\wpepro.rar/wpepro\WPE PRO.exe -> Not-A-Virus.Sniffer.Win32.WpePro.b : Cleaned with backup (quarantined).
G:\Old D Drive\Downloads\kamcm.zip/WPE PRO.exe -> Not-A-Virus.Sniffer.Win32.WpePro.b : Cleaned with backup (quarantined).
G:\Old D Drive\My Documents\wpepro.rar/wpepro\WPE PRO.exe -> Not-A-Virus.Sniffer.Win32.WpePro.b : Cleaned with backup (quarantined).
G:\My Documents\wpepro.rar/wpepro\WpeSpy.dll -> Not-A-Virus.Sniffer.Win32.WpePro.c : Cleaned with backup (quarantined).
G:\Old D Drive\Downloads\kamcm.zip/WpeSpy.dll -> Not-A-Virus.Sniffer.Win32.WpePro.c : Cleaned with backup (quarantined).
G:\Old D Drive\My Documents\wpepro.rar/wpepro\WpeSpy.dll -> Not-A-Virus.Sniffer.Win32.WpePro.c : Cleaned with backup (quarantined).
:mozilla.59:F:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\default.8wr\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.60:F:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\default.8wr\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.61:F:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\default.8wr\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.62:F:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\default.8wr\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.100:F:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\default.8wr\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.101:F:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\default.8wr\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.102:F:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\default.8wr\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.103:F:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\default.8wr\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.104:F:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\default.8wr\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.105:F:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\default.8wr\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.106:F:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\default.8wr\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.107:F:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\default.8wr\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.108:F:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\default.8wr\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.109:F:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\default.8wr\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.110:F:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\default.8wr\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.111:F:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\default.8wr\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.112:F:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\default.8wr\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.113:F:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\default.8wr\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.114:F:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\default.8wr\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.115:F:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\default.8wr\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.116:F:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\default.8wr\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.117:F:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\default.8wr\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.118:F:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\default.8wr\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.119:F:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\default.8wr\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.411:F:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\default.8wr\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.572:F:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\default.8wr\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.648:F:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\default.8wr\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.927:F:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\default.8wr\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.92:F:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\default.8wr\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.93:F:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\default.8wr\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.946:F:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\default.8wr\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.94:F:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\default.8wr\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.95:F:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\default.8wr\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.96:F:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\default.8wr\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.97:F:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\default.8wr\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.98:F:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\default.8wr\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.99:F:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\default.8wr\cookies.txt -> TrackingCookie.2o7 : Cleaned.
F:\Documents and Settings\bon\Cookies\bon@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.146:F:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\default.8wr\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.147:F:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\default.8wr\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.909:F:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\default.8wr\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
F:\Documents and Settings\bon\Cookies\bon@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.596:F:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\default.8wr\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.598:F:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\default.8wr\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.36:F:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\default.8wr\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.37:F:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\default.8wr\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.38:F:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\default.8wr\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.45:F:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\default.8wr\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.46:F:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\default.8wr\cookies.txt -> TrackingCookie.Advertising : Cleaned.
F:\Documents and Settings\bon\Cookies\bon@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.480:F:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\default.8wr\cookies.txt -> TrackingCookie.Adviva : Cleaned.
:mozilla.58:F:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\default.8wr\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
F:\Documents and Settings\bon\Cookies\bon@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.176:F:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\default.8wr\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.626:F:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\default.8wr\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.634:F:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\default.8wr\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.551:F:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\default.8wr\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.552:F:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\default.8wr\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.553:F:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\default.8wr\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.580:F:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\default.8wr\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.581:F:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\default.8wr\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.376:F:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\default.8wr\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
F:\Documents and Settings\bon\Cookies\bon@cz11.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
F:\Documents and Settings\bon\Cookies\bon@cz2.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
F:\Documents and Settings\bon\Cookies\bon@cz7.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
F:\Documents and Settings\bon\Cookies\bon@cz9.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
F:\Documents and Settings\bon\Cookies\bon@vip2.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.17:F:\Documents and Settings\bon\Application Data\Mozilla\Firefox\Profiles\default.8wr\cookies.txt -> TrackingCookie.Com : Cleaned.
F:\Documents and Settings\bon\Cookies\bon@com[1].txt -> TrackingCookie.Com : Cleaned.


::Report end

#5 bonggor

Posted 28 May 2007 - 02:30 AM

"Leslie Chung" - 2007-05-28 3:15:31 Service Pack 2
ComboFix 07-05.27.V - Running from: "C:\Documents and Settings\Leslie Chung\Desktop\"


((((((((((((((((((((((((((((((( Files Created from 2007-04-28 to 2007-05-28 ))))))))))))))))))))))))))))))))))


2007-05-28 00:40 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-05-27 20:26 <DIR> d-------- C:\HijackThis
2007-05-27 05:17 <DIR> d-------- C:\DOCUME~1\LESLIE~1\APPLIC~1\Hewlett-Packard
2007-05-27 01:58 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-05-27 01:57 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2007-05-27 01:57 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2007-05-27 01:57 <DIR> d-------- C:\Program Files\Trojan Remover
2007-05-27 01:57 <DIR> d-------- C:\DOCUME~1\LESLIE~1\APPLIC~1\Simply Super Software
2007-05-27 01:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Simply Super Software
2007-05-24 17:14 <DIR> d-------- C:\DOCUME~1\LESLIE~1\APPLIC~1\Teleca
2007-05-24 17:14 <DIR> d-------- C:\DOCUME~1\LESLIE~1\APPLIC~1\Sony Ericsson
2007-05-24 17:12 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Teleca
2007-05-24 17:12 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Ericsson
2007-05-24 16:43 <DIR> d-------- C:\Program Files\Sony Ericsson
2007-05-23 05:22 30,980 -r-hs---- C:\WINDOWS\system32\1054x.exe
2007-05-18 16:14 98,304 --a------ C:\WINDOWS\system32CmdLineExt.dll
2007-05-18 16:14 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-05-18 16:14 <DIR> dr-h----- C:\DOCUME~1\LESLIE~1\APPLIC~1\SecuROM
2007-05-18 16:14 <DIR> d-------- C:\DOCUME~1\LESLIE~1\APPLIC~1\Command & Conquer 3 Tiberium Wars
2007-05-18 04:00 402 --ahs---- C:\WINDOWS\system32\606501620.dat
2007-05-18 04:00 31,552 -r-hs---- C:\WINDOWS\system32\12520850v.exe
2007-05-11 14:09 <DIR> d-------- C:\Program Files\Real
2007-05-11 14:09 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-05-11 14:09 <DIR> d-------- C:\Program Files\Common Files\Real
2007-05-11 14:09 <DIR> d-------- C:\DOCUME~1\LESLIE~1\APPLIC~1\Real
2007-05-11 14:08 <DIR> d-------- C:\My Downloads
2007-04-28 02:20 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-28 07:13:28 -------- d-----w C:\Program Files\Symantec AntiVirus
2007-05-28 07:13:11 -------- d-----w C:\DOCUME~1\LESLIE~1\APPLIC~1\Skype
2007-04-19 03:51:03 -------- d-----w C:\DOCUME~1\LESLIE~1\APPLIC~1\Leadertech
2007-04-15 00:26:03 8,464 ----a-w C:\WINDOWS\system32\sporder.dll
2007-04-13 21:58:49 -------- d-----w C:\DOCUME~1\LESLIE~1\APPLIC~1\AdobeAUM
2007-04-13 21:58:48 -------- d-----w C:\DOCUME~1\LESLIE~1\APPLIC~1\AdobeUM
2007-04-13 09:11:28 92,672 ----a-w C:\WINDOWS\system32\delgpfreeqku.exe
2007-04-13 09:11:28 403,968 ----a-w C:\WINDOWS\system32\Univconv.exe
2007-04-13 09:11:28 40,960 ----a-w C:\WINDOWS\system32\InitPhFreeqku.exe
2007-04-13 09:11:28 20,480 ----a-w C:\WINDOWS\system32\Uninsfreeqku.exe
2007-04-13 09:00:14 -------- d-----w C:\DOCUME~1\LESLIE~1\APPLIC~1\Help
2007-04-13 07:15:16 -------- d-----w C:\Program Files\Common Files\snpstd3
2007-04-13 07:15:13 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-04-11 10:16:26 -------- d-----w C:\Program Files\iTunes
2007-04-11 04:25:55 -------- d-----w C:\DOCUME~1\LESLIE~1\APPLIC~1\Apple Computer
2007-04-04 23:59:24 -------- d-----w C:\Program Files\Norton AntiVirus
2007-04-04 23:59:24 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-04-04 23:53:02 -------- d-----w C:\Program Files\Symantec
2007-04-04 23:53:01 48,776 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-04-04 23:53:01 115,000 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-04-04 02:31:44 -------- d-----w C:\Program Files\QuickTime
2007-04-03 07:05:50 -------- d-----w C:\Program Files\Alwil Software
2007-04-03 06:06:40 -------- d-----w C:\Program Files\Analog Devices
2007-04-01 01:25:01 -------- d-----w C:\Program Files\Skype
2007-04-01 01:25:01 -------- d-----w C:\Program Files\Common Files\Skype
2007-03-15 15:23:16 497,496 ----a-w C:\WINDOWS\system32\XceedZip.dll
2007-03-15 15:19:58 526,184 ----a-w C:\WINDOWS\system32\XceedCry.dll
2007-03-13 04:06:26 109,568 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-03-13 04:06:26 108,544 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-03-05 22:25:24 19,558 ----a-w C:\WINDOWS\hpoins01.dat


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 11:28]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 02:04]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 21:33]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar2.dll [2007-01-20 00:55]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SNM"="C:\Program Files\SpyNoMore\SNM.exe" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 01:59]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-01-14 03:11]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 22:34]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 07:12]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-01-15 12:28]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-11-15 13:28]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36]
"tsnpstd3"="C:\WINDOWS\tsnpstd3.exe" []
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2005-09-05 15:55]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-05-11 14:09]
"@"="" []
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2007-05-21 14:50]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2006-10-07 08:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-03-23 14:52]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 10:13]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24abe0f9-c531-11db-bdef-0018f346ba52}]
Auto\command- sss.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sss.exe

*Newly Created Service* -PROCEXP90

Contents of the 'Scheduled Tasks' folder
2007-05-23 18:35:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-02-26 08:04:20 C:\WINDOWS\tasks\Uniblue SpyEraser.job

********************************************************************

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-28 03:16:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 2007-05-28 3:16:39

--- E O F ---


Here's the last one for HJT:


-------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 上午 03:22:59, on 2007/5/28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Adobe Systems - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager ccSetMgrProtectedStorage (ccSetMgrProtectedStorage) - Unknown owner - (no file)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

#6 bonggor


Posted 28 May 2007 - 02:31 AM

Thanks!! I hope these could help you out finding the viruses!! many thanks again :thumbsup:

#7 bonggor


Posted 28 May 2007 - 03:48 AM

I think the problem is solved!! thanks!!! much much much appreciation for your time and effort to help us!!

#8 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:01:05 PM

Posted 28 May 2007 - 10:11 AM

Hi bonggor,

It is great that the problem is solved. :thumbsup:

Please read and follow How did I get infected?, With steps so it does not happen again!
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#9 bonggor


Posted 28 May 2007 - 01:44 PM

hhmmm.. seemed like the occurrence of the virus is not as frequent now but it is still coming back. :thumbsup:

#10 SifuMike


Posted 29 May 2007 - 12:49 PM

Tell me about the virus you are getting.

Does it appear when you are browsing the internet?
What program finds it?
What is the name of the virus and the location?
Is your antivirus quarantining it?



You will need to use Internet Explorer for this scan.
Disable your antivirus program and go here to run BitDefender Online Scan.
Click on I Agree.
Avoid clicking on other links as you don't need to try out the full install at this point, just the online scanner.

When the ActiveX Control has loaded, click on "Click here to scan".
Please be patient, as this scan may take a few hours. It all depends on the number of files on your computer.

NOTE: If you are running XP SP2, you may need to click on the Information Bar to allow the ActiveX to install and may need to repeat the BitDefender Online Scan.


When BitDefender completes the scan, select the "Detected Problems" tab.
Click on "Click here to export scan".
Save the file as an HTML to your Desktop.
Then click on the saved file and allow it to open with your browser.
Go to Edit - Select All then copy/paste that log back here.
Post the BitDefender log.

#11 bonggor


Posted 29 May 2007 - 01:30 PM

it doesn't appear when browsing, just randomly appearing on "Auto-Protection" Results screen. k i'll try that out now!

#12 bonggor


Posted 29 May 2007 - 02:39 PM

BitDefender Online Scanner

Scan report generated at: Tue, May 29, 2007 - 15:34:49

Scan path: A:\;C:\;D:\;E:\;F:\;G:\;H:\;I:\;

Statistics
Time: 01:01:33
Files: 576408
Folders: 8324
Boot Sectors: 8
Archives: 3818
Packed Files: 69010

Results
Identified Viruses: 10
Infected Files: 18
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 18

Engines Info
Virus Definitions: 509288
Engine build: AVCORE v1.0 (build 2397) (i386) (Feb 8 2007 14:24:08)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes




Scanned File
Status

C:\WINDOWS\system32\12520850v.exe
Infected with: DeepScan:Generic.Malware.SIFsp.4E6FDA3E

C:\WINDOWS\system32\12520850v.exe
Disinfection failed

C:\WINDOWS\system32\12520850v.exe
Deleted

F:\Documents and Settings\bon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count3.jar-7907a8df-2df72545.zip=>Beyond.class
Infected with: Java.Trojan.Exploit.Bytverify.H

F:\Documents and Settings\bon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count3.jar-7907a8df-2df72545.zip=>Beyond.class
Disinfection failed

F:\Documents and Settings\bon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count3.jar-7907a8df-2df72545.zip=>Beyond.class
Deleted

F:\Documents and Settings\bon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count3.jar-7907a8df-2df72545.zip
Updated

F:\Documents and Settings\bon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count3.jar-7907a8df-2df72545.zip=>BlackBox.class
Infected with: Java.Trojan.Exploit.Bytverify.H

F:\Documents and Settings\bon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count3.jar-7907a8df-2df72545.zip=>BlackBox.class
Disinfection failed

F:\Documents and Settings\bon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count3.jar-7907a8df-2df72545.zip=>BlackBox.class
Deleted

F:\Documents and Settings\bon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count3.jar-7907a8df-2df72545.zip
Updated

F:\Documents and Settings\bon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count3.jar-7907a8df-2df72545.zip=>Dummy.class
Infected with: Java.Trojan.Exploit.Bytverify

F:\Documents and Settings\bon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count3.jar-7907a8df-2df72545.zip=>Dummy.class
Disinfection failed

F:\Documents and Settings\bon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count3.jar-7907a8df-2df72545.zip=>Dummy.class
Deleted

F:\Documents and Settings\bon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count3.jar-7907a8df-2df72545.zip
Updated

F:\Documents and Settings\bon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count3.jar-7907a8df-2df72545.zip=>VerifierBug.class
Infected with: Java.Trojan.ClassLoader.AI

F:\Documents and Settings\bon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count3.jar-7907a8df-2df72545.zip=>VerifierBug.class
Disinfection failed

F:\Documents and Settings\bon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count3.jar-7907a8df-2df72545.zip=>VerifierBug.class
Deleted

F:\Documents and Settings\bon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count3.jar-7907a8df-2df72545.zip
Updated

F:\Documents and Settings\bon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0502b.jar-1e7050a4-132339ac.zip=>NewSecurityClassLoader.class
Infected with: Java.Trojan.Exploit.Byteverify.G

F:\Documents and Settings\bon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0502b.jar-1e7050a4-132339ac.zip=>NewSecurityClassLoader.class
Disinfection failed

F:\Documents and Settings\bon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0502b.jar-1e7050a4-132339ac.zip=>NewSecurityClassLoader.class
Deleted

F:\Documents and Settings\bon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0502b.jar-1e7050a4-132339ac.zip
Updated

F:\Documents and Settings\bon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0502b.jar-1e7050a4-132339ac.zip=>NewURLClassLoader.class
Infected with: Java.Trojan.Exploit.Bytverify

F:\Documents and Settings\bon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0502b.jar-1e7050a4-132339ac.zip=>NewURLClassLoader.class
Disinfection failed

F:\Documents and Settings\bon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0502b.jar-1e7050a4-132339ac.zip=>NewURLClassLoader.class
Deleted

F:\Documents and Settings\bon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0502b.jar-1e7050a4-132339ac.zip
Updated

F:\Documents and Settings\bon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-526eb0d2-120a4ec3.zip=>SandBoxEscape.class
Infected with: Trojan.Exploit.ByteVerify.L

F:\Documents and Settings\bon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-526eb0d2-120a4ec3.zip=>SandBoxEscape.class
Disinfection failed

F:\Documents and Settings\bon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-526eb0d2-120a4ec3.zip=>SandBoxEscape.class
Deleted

F:\Documents and Settings\bon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-526eb0d2-120a4ec3.zip
Updated

F:\Documents and Settings\bon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-526eb0d2-120a4ec3.zip=>SuperMSClassLoader.class
Infected with: Trojan.Exploit.ByteVerify.L

F:\Documents and Settings\bon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-526eb0d2-120a4ec3.zip=>SuperMSClassLoader.class
Disinfection failed

F:\Documents and Settings\bon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-526eb0d2-120a4ec3.zip=>SuperMSClassLoader.class
Deleted

F:\Documents and Settings\bon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-526eb0d2-120a4ec3.zip
Updated

F:\Documents and Settings\bon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-526eb0d2-120a4ec3.zip=>NewURLClassLoader.class
Infected with: Java.Trojan.Exploit.Bytverify

F:\Documents and Settings\bon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-526eb0d2-120a4ec3.zip=>NewURLClassLoader.class
Disinfection failed

F:\Documents and Settings\bon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-526eb0d2-120a4ec3.zip=>NewURLClassLoader.class
Deleted

F:\Documents and Settings\bon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-526eb0d2-120a4ec3.zip
Updated

F:\Documents and Settings\bon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-526eb0d2-120a4ec3.zip=>Installer.class
Infected with: Trojan.Exploit.ByteVerify.L

F:\Documents and Settings\bon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-526eb0d2-120a4ec3.zip=>Installer.class
Disinfection failed

F:\Documents and Settings\bon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-526eb0d2-120a4ec3.zip=>Installer.class
Deleted

F:\Documents and Settings\bon\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-526eb0d2-120a4ec3.zip
Updated

F:\Documents and Settings\bon\Local Settings\Temp\setup.exe
Infected with: Trojan.Downloader.Time2Pay.AQ

F:\Documents and Settings\bon\Local Settings\Temp\setup.exe
Disinfection failed

F:\Documents and Settings\bon\Local Settings\Temp\setup.exe
Deleted

F:\System Volume Information\_restore{F2F0D842-E7F3-4EB3-A77D-40A267D59118}\RP161\A0024428.exe
Infected with: Trojan.Downloader.Time2Pay.AQ

F:\System Volume Information\_restore{F2F0D842-E7F3-4EB3-A77D-40A267D59118}\RP161\A0024428.exe
Disinfection failed

F:\System Volume Information\_restore{F2F0D842-E7F3-4EB3-A77D-40A267D59118}\RP161\A0024428.exe
Deleted

F:\WINDOWS\system32\oleext.dll
Infected with: Trojan.Small.Y

F:\WINDOWS\system32\oleext.dll
Disinfection failed

F:\WINDOWS\system32\oleext.dll
Deleted

G:\My Documents\wpe pro.rar=>WPE PRO\WpeSpy.dll
Infected with: Trojan.Sniffer.Wpepro.A

G:\My Documents\wpe pro.rar=>WPE PRO\WpeSpy.dll
Disinfection failed

G:\My Documents\wpe pro.rar=>WPE PRO\WpeSpy.dll
Deleted

G:\My Documents\wpe pro.rar
Update failed

G:\Old D Drive\Downloads\Wpe_pro.zip=>WPE_PRO.EXE=>(RAR Sfx o)=>WpeSpy.dll
Infected with: Trojan.Sniffer.Wpepro.A

G:\Old D Drive\Downloads\Wpe_pro.zip=>WPE_PRO.EXE=>(RAR Sfx o)=>WpeSpy.dll
Disinfection failed

G:\Old D Drive\Downloads\Wpe_pro.zip=>WPE_PRO.EXE=>(RAR Sfx o)=>WpeSpy.dll
Deleted

G:\Old D Drive\Downloads\Wpe_pro.zip=>WPE_PRO.EXE=>(RAR Sfx o)
Update failed

G:\Old D Drive\My Documents\wpe pro.rar=>WPE PRO\WpeSpy.dll
Infected with: Trojan.Sniffer.Wpepro.A

G:\Old D Drive\My Documents\wpe pro.rar=>WPE PRO\WpeSpy.dll
Disinfection failed

G:\Old D Drive\My Documents\wpe pro.rar=>WPE PRO\WpeSpy.dll
Deleted

G:\Old D Drive\My Documents\wpe pro.rar
Update failed

G:\Old E Drive\ChineseGamer\sangnet2\twbwl081606.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 22)
Infected with: Trojan.Spy.Keylogger.Y

G:\Old E Drive\ChineseGamer\sangnet2\twbwl081606.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 22)
Disinfection failed

G:\Old E Drive\ChineseGamer\sangnet2\twbwl081606.exe=>(CAB Sfx o)=>\Disk1\data2.cab=>(IShield Module 22)
Deleted

G:\Old E Drive\ChineseGamer\sangnet2\twbwl081606.exe=>(CAB Sfx o)=>\Disk1\data2.cab
Update failed

#13 SifuMike


Posted 29 May 2007 - 02:53 PM

Looks like Bitdefender removed malware.

Let's look in a different place for signs.

Open HijackThis
Go to 'config'
Go to 'misc tools'
Press the button 'open uninstall manager'
Press 'save list'
A notepad file will open.
Post the content here in your reply.
Close HijackThis.

*************************

Please download A-Squared Free, save it to the desktop.
  • Double-click on a2FreeSetup.exe, follow the installer's instructions.
  • At the end of the install process, make sure Launch a-squared Free is checked, then click Finish.
  • When it launches, it will ask you if you would like to update, click Yes, it will take a few moments to update.
  • When done with the update, if it asks you to restart the application, click Yes.
  • At the main menu, click Scan Now, there will be 4 options, choose Deep Scan.
  • At the end of the scan, click Save Report. Save the report to somewhere convenient, such as your desktop.
  • If malware is found, select all found and click Quarantine selected objects.


#14 bonggor


Posted 29 May 2007 - 08:46 PM

Ad-Aware SE Personal
Adobe Flash Player 9
Adobe Photoshop Elements 4.0
Adobe Reader 8
Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.0
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
avast! Antivirus
AVG Anti-Spyware 7.5
Chinese (Simplified) Language Support
Chinese (Traditional) Language Support
Command & Conquer 3
Cool Edit Pro 2.0
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB888111
HijackThis 1.99.1
Hotfix for Windows XP (KB926239)
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 1200 series
hp psc 1200 series
iTunes
Korean Language Support
LiveUpdate 2.6 (Symantec Corporation)
Marvell Miniport Driver
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox (2.0.0.3)
MSI Star Cam 370i
QuickTime
RealPlayer
Rhapsody Player Engine
Skype 3.1
Skype Plugin Manager
Sony Ericsson PC Suite
SoundMAX
Spybot - Search & Destroy 1.4
Symantec AntiVirus
System Alert Popup
VideoSecurity
Windows Installer 3.1 (KB893803)
Windows Installer Clean Up
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
WinZip
World of Warcraft
Xvid 1.1.2 final uninstall
Yahoo! Toolbar
-----------------------------------

Thanks, it's working quite well :D

#15 SifuMike


Posted 29 May 2007 - 09:39 PM

Hi bonggor,

I found this on System Alert Popup
http://www.bleepingcomputer.com/uninstall/...Alert-Popup.htm
so let's uninstall it.

Click on start, then control panel, and then double-click on add/remove programs.
From within add/remove program uninstall the following (if they exist) by double-clicking on the following entries:
System Alert Popup


Did a2 squared remove any malware?

How is the computer running?

Edited by SifuMike, 29 May 2007 - 09:40 PM.




