Help to ID and remove unknown virus

Posted 2/26/2006 8:46 PM
#28547
ocium Member

Date Joined Nov 2016
Total Posts: 3
Hi there,

I am having trouble with something I suspect is a virus, but can find no info on as yet.
My virus scanner (AVG Free v7.1.285 (26/02/2006)), doesn't recognise it.

My firewall (Sygate Personal Firewall Pro 5) identifies it as "Universa application", and I am currently blocking traffic for this app with: www.meta-porn.com (70.84.127.98).
The background process(es) associated with this application use the filename syntax "win*.tmp.exe".

The little bugger is replicating itself madly in my windows/temp folder: I am currently up to win2FE.tmp.exe.
Also, some new executables have just started appearing that I suspect are related, and which seem to have random filename generation: gcajpiod.exe, idjlakmd.exe, iogeokmd.exe, jnlahkmd.exe, kjfdliod.exe, pafbkiod.exe, ppcockmd.exe.

I can't seem to find the mother file that is creating these executables, and respawning the processes.

Can anyone help me out with identification, or advice on how to remove it?

TIA,

Dave
Posted 2/26/2006 10:03 PM
#28559
Andrei Ionescu Advanced member

Date Joined Nov 2016
Total Posts: 43
Hi Dave,

1. Download HijackThis from this link: https://www.download.com/HijackThis/3000-8022_4-10379544.html?tag=lst-0-1

2. You must unzip it in a newly created folder before you can actually use it. For this you will need a program such as WinZip or WinRar to open the archive. Please create a permanent folder, on your desktop for instance, and place the executable file in that folder.

3. Run the "hijackthis.exe" file and a new window will appear. In that new window please click on the button that says "Do a system scan and save a logfile".

4. After the program finishes searching for abnormal objects, the logfile will be saved automatically in the same folder in which you have placed the contents of the archive.

5. Locate the log file, open it with a normal text editor (Notepad), copy its content and paste it as a reply to this thread.

After analyzing the log we might actually know what infection we are up against.

Andrei Cristian Ionescu

QA Team Member

BullGuard Software Ltd.

Cell phone: +40 724.276.719

Do not PM me with logfiles. They will be deleted
Posted 2/26/2006 10:18 PM
#28560
ocium Member

Date Joined Nov 2016
Total Posts: 3
Thank you kindly Andrei; here is the logfile:


Logfile of HijackThis v1.99.1
Scan saved at 11:19:34 a.m., on 27/02/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Program Files\Grisoft\AVG Free\avgemc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\TEMP\win31.tmp.exe
C:\WINDOWS\TEMP\win52.tmp.exe
C:\Documents and Settings\Ged\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Windows Resources - {2D38A51A-23C9-48a1-A33C-48675AA2B494} - C:\WINDOWS\winres.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [d12] C:\Program Files\BPK\d12.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Hide IP Platinum] C:\Program Files\Hide IP Platinum\hideippla.exe
O4 - HKCU\..\Run: [Evidence Eliminator] C:\Program Files\Evidence Eliminator\ee.exe /m
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O8 - Extra context menu item: &Save Flash In This Page - C:\PROGRA~1\FLASHS~1.0\save.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1.0\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1.0\save.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: wingsa32 - C:\WINDOWS\SYSTEM32\wingsa32.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: MS Software Generic Host Process for Win32 Services (svchost) - Unknown owner - C:\WINDOWS\SYSTEM\svchost.exe
Posted 2/26/2006 11:51 PM
#28567
Andrei Ionescu Advanced member

Date Joined Nov 2016
Total Posts: 43
Hi Dave,

1. First, you will have to unregister this .dll file on your computer:

C:\WINDOWS\SYSTEM32\wingsa32.dll

You can use the Regsvr32 tool (Regsvr32.exe) to register and unregister object linking and embedding (.OLE) controls such as dynamic-link library (.DLL) or ActiveX Controls (.OCX), and all other files that are self-registerable.

Press the Windows Start button -> Run, then type the regsvr32 command as shown below:

Regsvr32 /u C:\WINDOWS\SYSTEM32\wingsa32.dll

2. Then please restart your computer in Safe Mode (you can do that by pressing the F8 key when Windows is starting, before the Windows start-up screen is loaded). Start HijackThis again, press the "Do a System Scan only" option, and place a check mark in front of the following entries:

Fix] button.

Copy]remove.bat:

@ECHO OFF
cd %windir%\TEMP
del win*.tmp.exe
cd %windir%\system32
del wingsa32.dll
del winlogon.exe
exit

While still in Safe Mode, please right click on the remove.bat file you have created. A Command Prompt window should flash on your screen, and at the same time the infected files should be removed.

4. Restart your computer in Windows normal mode and follow these steps:

Please download, install, and update the free version of Ewido anti-malware from this link: https://www.ewido.net/en/download/

- When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
- When you run Ewido for the first time, you will get a warning "Database could not be found!". Click OK.
- From the main Ewido screen, click on "update" in the left menu, then click the "Start update" button.
- After the update finishes, the status bar at the bottom will display "Update successful"
- Click on Scanner
- Click on Complete System Scan and the scan will begin.
- Save the report to your desktop
- Close Ewido

Restart your computer, and post a fresh HijackThis log and the Ewido log, and let me know if the infected files and processes are still on your computer.

Posted 2/27/2006 3:03 AM
#28578
ocium Member

Date Joined Nov 2016
Total Posts: 3
Hi Andrei,

Thank you very much for all your efforts to help me; I really appreciate it, and I am very happy to report that whatever it was is now sorted :0)

I was unable to unregister the wingsa32.dll - sorry, I can't remember the exact error message, something like: dll found but unable to find install start point?
Of course, the batch file couldn't do its thing with the dll still registered...

However, that Ewido is really great and managed to find the nasty without unregistering and deleting the dll (and winlogon.exe). After a full scan and fix, the dll is gone, and I was able to manually delete all win*.tmp.exe files in the windows/temp folder.

Here are the logfiles, just in case they can help you to identify what exactly it was:

Logfile of HijackThis v1.99.1
Scan saved at 3:56:04 p.m., on 27/02/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\Ged\Desktop\HijackThis.exe

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: &Save Flash In This Page - C:\PROGRA~1\FLASHS~1.0\save.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1.0\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1.0\save.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: wingsa32 - wingsa32.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: MS Software Generic Host Process for Win32 Services (svchost) - Unknown owner - C:\WINDOWS\SYSTEM\svchost.exe (file missing)



---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 3:26:29 p.m., 27/02/2006
+ Report-Checksum: 8E1ABE4D

+ Scan result:

HKLM\SOFTWARE\Classes\LaunchInIE.Launch -> Adware.Ezula : Cleaned with backup
HKLM\SOFTWARE\Classes\LaunchInIE.Launch\CLSID -> Adware.Ezula : Cleaned with backup
HKLM\SOFTWARE\Classes\LaunchInIE.Launch\CurVer -> Adware.Ezula : Cleaned with backup
HKLM\SOFTWARE\Classes\LaunchInIE.Launch.1 -> Adware.Ezula : Cleaned with backup
HKLM\SOFTWARE\Classes\WinRes.WindowsResources -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\WinRes.WindowsResources\CLSID -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\WinRes.WindowsResources\CurVer -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\WinRes.WindowsResources.1 -> Adware.CoolWebSearch : Cleaned with backup
[600] C:\WINDOWS\system32\wingsa32.dll -> Hijacker.Small.kb : Cleaned with backup
[1728] C:\WINDOWS\SYSTEM\svchost.exe -> Logger.AdvancedKeyLogger.b : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Paycounter : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.134:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.141:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.142:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.144:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.146:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Kmpads : Cleaned with backup
:mozilla.147:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Kmpads : Cleaned with backup
:mozilla.165:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.172:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.189:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
:mozilla.195:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.196:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.216:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.222:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.223:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.225:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Spylog : Cleaned with backup
:mozilla.226:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.227:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.229:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.233:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.237:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup
:mozilla.239:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.240:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.242:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.243:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.248:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.249:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.258:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.270:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.271:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.272:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Roispy : Cleaned with backup
:mozilla.273:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Roispy : Cleaned with backup
:mozilla.274:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Roispy : Cleaned with backup
:mozilla.283:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.284:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.285:C:\Documents and Settings\Ged\Application Data\Mozilla\Firefox\Profiles\19eume44.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Ged\Local Settings\Temp\ddl13.tmp.exe -> Dialer.Agent.z : Cleaned with backup
C:\Documents and Settings\Ged\Local Settings\Temp\ddl15.tmp.exe -> Dialer.Agent.z : Cleaned with backup
C:\Documents and Settings\Ged\Local Settings\Temp\ddl9.tmp.exe -> Dialer.Agent.z : Cleaned with backup
C:\Documents and Settings\Ged\Local Settings\Temp\ddlF.tmp.exe -> Dialer.Agent.z : Cleaned with backup
C:\Documents and Settings\Ged\Local Settings\Temporary Internet Files\Content.IE5\UDE1GLM5\mullbin2[1].exe -> Downloader.Small.ckr : Cleaned with backup
C:\Documents and Settings\Ged\Local Settings\Temporary Internet Files\Content.IE5\UDE1GLM5\rdgUS2405[1].exe -> Downloader.Small.ayl : Cleaned with backup
C:\Program Files\BitLord\Downloads\FINISHED\APPZ\ActMon Computer Monitoring v5.2.exe/wskrnl.exe -> Not-A-Virus.Monitor.Win32.ActMon.511 : Error during cleaning
C:\Program Files\BitLord\Downloads\FINISHED\APPZ\Handy Keylogger v3.24.032 [Crack].exe -> Not-A-Virus.Monitor.Win32.QuickKeyLogger.a : Cleaned with backup
C:\Program Files\BitLord\Downloads\FINISHED\APPZ\Spy SHOP 2005\Spytech SpyAgent5-lucid.rar/Spytech SpyAgent5-lucid\fixed.exe -> Not-A-Virus.Monitor.Win32.SpyAgent.k : Error during cleaning
C:\Program Files\BitLord\Downloads\Serial Key\Craagle.exe -> Adware.Craagle : Cleaned with backup
C:\Program Files\BitLord\Downloads\Serial Key.rar/Serial Key\Craagle & Crackdown.rar/Craagle.exe -> Adware.Craagle : Error during cleaning
C:\Program Files\BitLord\Downloads\Sex Game - Virtua Girl 2 desktop stripper + 18 models with activation & crac!.rar.bc!/Complete - Virtua Girl 2 desktop stripper + 18 models\activation.exe -> Adware.WinAD : Error during cleaning
C:\Program Files\BitLord\Downloads\Sex Game - Virtua Girl 2 desktop stripper + 18 models with activation & crac!.rar.bc!/Complete - Virtua Girl 2 desktop stripper + 18 models\crack.exe -> Adware.WinAD : Error during cleaning
C:\Program Files\BPK\d12.exe -> Not-A-Virus.Monitor.Win32.Perflogger.ad : Cleaned with backup
C:\WINDOWS\ASK\ScrCap.exe -> Not-A-Virus.Monitor.Win32.Amplusnet.c : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\rdgUS2405.exe -> Downloader.Small.ayl : Cleaned with backup
C:\WINDOWS\system\svchost.exe -> Logger.AdvancedKeyLogger.b : Cleaned with backup
C:\WINDOWS\system32\AdCache -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\qlib.dll -> Not-A-Virus.Monitor.Win32.QuickKeyLogger.c : Cleaned with backup
C:\WINDOWS\system32\qpanel.exe -> Not-A-Virus.Monitor.Win32.QuickKeyLogger.a : Cleaned with backup
C:\WINDOWS\system32\TMUtils.dll -> Logger.AdvancedKeyLogger.16 : Cleaned with backup
C:\WINDOWS\system32\wingsa32.dll -> Hijacker.Small.kb : Cleaned with backup
C:\WINDOWS\Temp\winFC.tmp.exe -> Trojan.Dialer.u : Cleaned with backup
F:\CRACK\CRC\pwdspy.zip/bin/i386r/PwdSpyHk.dll -> Backdoor.PowerSpider.b : Cleaned with backup
F:\CRACK\CRC\pwdspy.zip/bin/i386ur/PwdSpyHk.dll -> Backdoor.PowerSpider.b : Cleaned with backup
F:\CRACK\Gamez - Serials\Gamez - Keygens\Warhammer 40000 [Keygen-Vengeance].exe -> Trojan.Steam.a : Cleaned with backup


::Report End



Thanks again,

Dave
Posted 2/27/2006 7:49 PM
#28606

Andrei Ionescu Advanced member

Date Joined Nov 2016
Total Posts: 43
Hi Dave,



Both logs are clean now, and the infection is no longer present. Please try to follow up on this situation and let us know as soon as you have any other problems.



In the meantime, please read this useful guide, for preventing infection:



One of the most common questions found when cleaning Spyware or other Malware is "how did my machine get infected?". The most common answer is that you are not running the proper security software and that the security settings are too low on your machine.

Please follow these steps to keep your computer clean and secure so that you do not get infected again:



    * Make your Internet Explorer more secure - This can be done by following these simple instructions:




    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.


      1. Change the Download signed ActiveX controls to Prompt

      2. Change the Download unsigned ActiveX controls to Disable

      3. Change the Initialize and script ActiveX controls not marked as safe to Disable

      4. Change the Installation of desktop items to Prompt

      5. Change the Launching programs and files in an IFRAME to Prompt

      6. Change the Navigate sub-frames across different domains to Prompt

      7. When all these settings have been made, click on the OK button.

      8. If it prompts you as to whether or not you want to save the settings, press the Yes button.

      * Next press the Apply button and then the OK to exit the Internet Properties page.


  1. Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.


  2. Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.


  3. Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.


  4. Visit Microsoft's Windows Update Site Frequently - It is important that you visit https://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


  5. Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    https://www.bleepingcomputer.com/forums/tutorial43.html

  6. Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with this program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    https://www.bleepingcomputer.com/forums/tutorial48.html


  7. Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    https://www.bleepingcomputer.com/forums/tutorial49.html


    * Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help.

Andrei Cristian Ionescu

QA Team Member

BullGuard Software Ltd.

Cell phone: +40 724.276.719


Do not PM me with logfiles. They will be deleted
Posted 3/3/2006 8:08 AM
#28673

jampy82 Member

Date Joined Nov 2016
Total Posts: 2
I used a different method to delete the file and it worked fine for me (I think).

First do the regsvr32 thing described above, then restart the computer; on reboot press F8 repeatedly and load Windows in safe mode with command prompt.

In the command prompt, type cd.. until you get to the c: path, then type the following:
cd windows (or cd winnt if you are using 2000)
cd system32
del win***32.dll (in my case the file name was wingsa32.dll)

Please wait for a more expert user to verify if this is a suitable way of solving the problem.
Posted 7/24/2006 5:48 PM
#33984

JazzMan66 Member

Date Joined Nov 2016
Total Posts: 1
:confused: hi all...
I am having the same problems as ocium did. I've tried doing all the steps given by Mr Andrei up to the point of the HijackThis part...where on my report there is no wingsa32.dll..maybe it's under a different name this time..so I am pasting my report below...hope Mr Andrei could help me identify the problem..thanks..



Logfile of HijackThis v1.99.1
Scan saved at 12:56:30 AM, on 25/07/06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\SysMetrix\SysMetrix.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\AYAH\Desktop\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url='@ivt']'@ivt'[/url] protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - https://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1153590671365
O17 - HKLM\System\CCS\Services\Tcpip\..\{A0C01101-08B9-48CD-AC13-0AD8412681AD}: NameServer = 202.188.0.133 202.188.1.5
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O20 - Winlogon Notify: winclv32 - C:\WINDOWS\SYSTEM32\winclv32.dll
O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - (no file)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



pls help..btw I am using Ewido..but it can't seem to detect anything.. on dll files...



:shakehead:



thanks
Posted 8/18/2006 6:38 AM
#35171

Myth_Pennywise Member

Date Joined Nov 2016
Total Posts: 1
Hello there

I'm having the same problems as the others.
I've tried the same method as Ocium but the virus just keeps returning :confused: :confused: :confused:


Here is my HijackThis log; can somebody please tell me which files I must delete with ewido?

Logfile of HijackThis v1.99.1
Scan saved at 8:35:15, on 18-8-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ULI5289\ALi5289.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\VINCEN~1\LOCALS~1\Temp\Rar$EX00.312\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.nl/
O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winzdn32 - C:\WINDOWS\SYSTEM32\winzdn32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


My NOD32 virus scanner is saying that it's a win32/dialer trojan.

Does somebody know how this virus came on my computer?

Can somebody help me please?

:-)
Posted 7/26/2008 3:37 PM
#63996
tg Member

Date Joined Nov 2016
Total Posts: 1
Hey there,

I have exactly the same problem... every time I open Internet Explorer, windows start opening and it tells me that my computer is not secure and that the computer is at risk.
All of this started after trying to download some software to open rar files, WinRAR...

Sophos antivirus detects it but can't remove it.
The above things are not so useful because the filenames are probably different.
Could anyone have a look at this please?
Thank you very much
Tom

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:26:40, on 26/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Desktop\HJTInstal\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://magicseaweed.com/UK-Ireland-MSW-Surf-Charts/1/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO5 - {9873E994-669E-4044-BA64-E5D9AD534A55} - C:\Windows\system32\homie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [explorer] C:\Windows\system32\explorer.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Daily labbook - Shortcut.lnk = D:\Documents\OneNote Notebooks\Lab book\Daily labbook.one
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Microsoft Office Outlook 2007.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Thermo Bench Service (TMSRVC) - Thermo Electron Corporation - C:\Program Files\Omnic5.0\ThermoBenchService.exe

--
End of file - 9846 bytes
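
A triage sketch for HijackThis logs like the ones posted above, added here as an example; it is not part of any post and not HijackThis's own code. The function names `parse` and `triage`, the three rules and the assumed `C:\Windows` install directory are choices made for this example, and a flagged entry means "look closer", not "malicious".

```python
import re

# Lines copied from the logs posted in this thread, used as sample input.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [explorer] C:\Windows\system32\explorer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")          # section code, then the entry body
RUN_EXE_RE = re.compile(r'\]\s*"?([a-z]:\\[^"]*?\.exe)')   # executable path after "[name]"

# Assumption: Windows is installed in C:\Windows, where explorer.exe normally lives.
EXPECTED_DIR = {"explorer.exe": r"c:\windows"}


def parse(log):
    """Return (code, body) for each section line; headers and process paths are skipped."""
    return [m.groups() for line in log.splitlines()
            if (m := ENTRY_RE.match(line.strip()))]


def triage(entries):
    """Return (code, reason, body) for entries worth a closer look (not a verdict)."""
    findings = []
    for code, body in entries:
        low = body.lower()
        if code == "O2" and low.endswith("(no file)"):
            findings.append((code, "BHO registered but its file is missing", body))
        elif code == "O4" and (m := RUN_EXE_RE.search(low)):
            folder, _, name = m.group(1).rpartition("\\")
            if name in EXPECTED_DIR and folder != EXPECTED_DIR[name]:
                findings.append((code, f"{name} autostarts from {folder}", body))
        elif code == "O7":
            findings.append((code, "policy restricts a system tool", body))
    return findings


if __name__ == "__main__":
    for code, reason, body in triage(parse(SAMPLE_LOG)):
        print(f"[{code}] {reason}: {body}")
```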