Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Long time guest reader, now losing my hair...


  • This topic is locked This topic is locked

#31
Maven911

Maven911

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Hi,
a few things....
I couldn't delete the dmxij.exe file, it was nowhere to be found in the System32 dir, but I did find "O" and deleted it.
I ran Ad-aware again, I forgot to save the logfile.
I can't update the Java Plug-in Control Panel, a webpage pops-up and says Http 404: Page not found.
I deleted the cache, but I don't "see" all those optiosn you are talking about.
Also, in the end of the before last post, do u mean SpySweeper or SpyDoctor (I dont have Sweeper and Ive already used up its 15 days trial period).

I'll run the Trend-Micro....

But I have a feeling that we are running the tests all over again...

ah well... :tazz:
  • 0

Advertisements


#32
Rawe

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Did you delete this file;
C:\DOCUMENTS AND SETTINGS\ALL USERS\FAVORITES\AdultGambling.url

Did you completely clear out everything from SpywareDoctor's quarantine?

I did mean SpySweeper, but if you could, please follow all the steps AGAIN.. BUT instead of SpySweeper, run updated Ewido. (Let it fix anything it finds.)

Run the TrendMicro scan, and please run a NEW scan with Panda again and post the results along with the TrendMicro results.

Also do the following;
  • Open HiJackThis
  • Click on the configure button on the bottom right
  • Click on the tab "Misc Tools"
  • Click on the Box that says "Uninstall Manager"
  • Click on the button "Save list"
  • Copy and paste the List from the notebook onto your post
Post that too.

Ask any questions you might have before proceeding the steps..

As for the Java, can you first uninstall your current version COMPLETELY, then get the latest one here;
http://www.java.com/...load/manual.jsp

Hope this helps.

- Rawe :tazz:

Edited by Rawe, 02 August 2005 - 04:01 AM.

  • 0

#33
Maven911

Maven911

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Okay, I'll get it done,
but it's going to take me a while at least till the end of this weekend, since I don't get a lot of time after I go home to run these online scans.
Thank you for your patience.
:tazz:
  • 0

#34
Rawe

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Thank you for letting me know.. :tazz:
  • 0

#35
Maven911

Maven911

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Okay,
so it still redirect URL's.

I did delete the AdultGambling URL, all my virus and spy sweeper quarantines are emptied (including SpyDoctor).

I did the scans, most of the same stuff as before gets detected again (if you look at my back posts)

Here are the logs:


Ad-Aware Log:


Ad-Aware SE Build 1.06r1
Logfile Created on:Sunday, August 07, 2005 8:11:56 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R60 04.08.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Alexa(TAC index:5):3 total references
MRU List(TAC index:0):20 total references
Tracking Cookie(TAC index:3):4 total references
Win32.TrojanDownloader.Access.B(TAC index:8):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


8-7-2005 8:11:56 PM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : S-1-5-21-1644491937-839522115-1957994488-500\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : S-1-5-21-1644491937-839522115-1957994488-500\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1644491937-839522115-1957994488-500\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1644491937-839522115-1957994488-500\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console


MRU List Object Recognized!
Location: : S-1-5-21-1644491937-839522115-1957994488-500\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad


MRU List Object Recognized!
Location: : S-1-5-21-1644491937-839522115-1957994488-500\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-1644491937-839522115-1957994488-500\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-1644491937-839522115-1957994488-500\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : software\musicmatch\musicmatch jukebox\4.0\fileconv
Description : file conversion location settings in musicmatch jukebox


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 136
ThreadCreationTime : 8-8-2005 3:08:39 AM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 188
ThreadCreationTime : 8-8-2005 3:08:45 AM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 212
ThreadCreationTime : 8-8-2005 3:08:46 AM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 256
ThreadCreationTime : 8-8-2005 3:08:49 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 268
ThreadCreationTime : 8-8-2005 3:08:49 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 464
ThreadCreationTime : 8-8-2005 3:08:55 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 488
ThreadCreationTime : 8-8-2005 3:08:55 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [wrsssdk.exe]
FilePath : C:\Program Files\Spy Sweeper\
ProcessID : 524
ThreadCreationTime : 8-8-2005 3:08:55 AM
BasePriority : Normal
FileVersion : 1,0,3,263
ProductVersion : 1, 0
ProductName : Spy Sweeper SDK
CompanyName : Webroot Software, Inc.
FileDescription : Spy Sweeper SDK
LegalCopyright : Copyright © 2002 - 2004, All Rights Reserved.
LegalTrademarks : Spy Sweeper is a trademark of Webroot Software, Inc.
OriginalFilename : SpySweeper.exe

#:9 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 780
ThreadCreationTime : 8-8-2005 3:09:07 AM
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:10 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 928
ThreadCreationTime : 8-8-2005 3:10:17 AM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 20


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : .DEFAULT\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-18\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-21-1644491937-839522115-1957994488-500\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Win32.TrojanDownloader.Access.B Object Recognized!
Type : RegData
Data : {54645654-2225-4455-44A1-9F4543D34544}
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\shellserviceobjectdelayload
Value : SystemCheck
Data : {54645654-2225-4455-44A1-9F4543D34544}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 24


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 24


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 24



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : 1@0[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Shan\My Documents\Libary Of Alex 2\Cookies\1@0[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : shan@atdmt[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Shan\Cookies\shan@atdmt[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : shan@mediaplex[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Shan\Cookies\shan@mediaplex[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sana@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Sana\Cookies\sana@atdmt[2].txt

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 28


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 28




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Win32.TrojanDownloader.Access.B Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\shellserviceobjectdelayload
Value : SystemCheck

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 29

8:23:53 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:11:57.1
Objects scanned:164243
Objects identified:9
Objects ignored:0
New critical objects:9
  • 0

#36
Maven911

Maven911

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
TrendMicro Scan:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 12:34:37 AM, 08/08/2005
+ Report-Checksum: D002F98A

+ Scan result:

C:\WINDOWS\SYSTEM32\hclean32.exe -> Trojan.Qhost.qr : Cleaned with backup
C:\WINDOWS\SYSTEM32\ntfsnlpa.exe -> Spyware.Msnagent : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Sana\Application Data\Mozilla\Profiles\default\pz4gsgtm.slt\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Sana\Application Data\Mozilla\Profiles\default\pz4gsgtm.slt\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Sana\Application Data\Mozilla\Profiles\default\pz4gsgtm.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Sana\Application Data\Mozilla\Profiles\default\pz4gsgtm.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Sana\Application Data\Mozilla\Profiles\default\pz4gsgtm.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Sana\Application Data\Mozilla\Profiles\default\pz4gsgtm.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Sana\Application Data\Mozilla\Profiles\default\pz4gsgtm.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Sana\Application Data\Mozilla\Profiles\default\pz4gsgtm.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Sana\Application Data\Mozilla\Profiles\default\pz4gsgtm.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Sana\Application Data\Mozilla\Profiles\default\pz4gsgtm.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Sana\Application Data\Mozilla\Profiles\default\pz4gsgtm.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Sana\Application Data\Mozilla\Profiles\default\pz4gsgtm.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Sana\Application Data\Mozilla\Profiles\default\pz4gsgtm.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Sana\Application Data\Mozilla\Profiles\default\pz4gsgtm.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Sana\Application Data\Mozilla\Profiles\default\pz4gsgtm.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Sana\Application Data\Mozilla\Profiles\default\pz4gsgtm.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Sana\Application Data\Mozilla\Profiles\default\pz4gsgtm.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Sana\Application Data\Mozilla\Profiles\default\pz4gsgtm.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Sana\Application Data\Mozilla\Profiles\default\pz4gsgtm.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Sana\Application Data\Mozilla\Profiles\default\pz4gsgtm.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Sana\Application Data\Mozilla\Profiles\default\pz4gsgtm.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Sana\Application Data\Mozilla\Profiles\default\pz4gsgtm.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Sana\Application Data\Mozilla\Profiles\default\pz4gsgtm.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Sana\Application Data\Mozilla\Profiles\default\pz4gsgtm.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Sana\Application Data\Mozilla\Profiles\default\pz4gsgtm.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Sana\Application Data\Mozilla\Profiles\default\pz4gsgtm.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Sana\Application Data\Mozilla\Profiles\default\pz4gsgtm.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Sana\Application Data\Mozilla\Profiles\default\pz4gsgtm.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Sana\Application Data\Mozilla\Profiles\default\pz4gsgtm.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Sana\Application Data\Mozilla\Profiles\default\pz4gsgtm.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Sana\Application Data\Mozilla\Profiles\default\pz4gsgtm.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Sana\Application Data\Mozilla\Profiles\default\pz4gsgtm.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Sana\Application Data\Mozilla\Profiles\default\pz4gsgtm.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Sana\Application Data\Mozilla\Profiles\default\pz4gsgtm.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Sana\Application Data\Mozilla\Profiles\default\pz4gsgtm.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Sana\Application Data\Mozilla\Profiles\default\pz4gsgtm.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Sana\Application Data\Mozilla\Profiles\default\pz4gsgtm.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Sana\Application Data\Mozilla\Profiles\default\pz4gsgtm.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Sana\Application Data\Mozilla\Profiles\default\pz4gsgtm.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Sana\Application Data\Mozilla\Profiles\default\pz4gsgtm.slt\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Sana\Application Data\Mozilla\Profiles\default\pz4gsgtm.slt\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Sana\Application Data\Mozilla\Profiles\default\pz4gsgtm.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Sana\Application Data\Mozilla\Profiles\default\pz4gsgtm.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Sana\Application Data\Mozilla\Profiles\default\pz4gsgtm.slt\cookies.txt -> Spyware.Cookie.Clickagents : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Sana\Application Data\Mozilla\Profiles\default\pz4gsgtm.slt\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Sana\Application Data\Mozilla\Profiles\default\pz4gsgtm.slt\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Sana\Application Data\Mozilla\Profiles\default\pz4gsgtm.slt\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Sana\Application Data\Mozilla\Profiles\default\pz4gsgtm.slt\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Sana\Application Data\Mozilla\Profiles\default\pz4gsgtm.slt\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Sana\Application Data\Mozilla\Profiles\default\pz4gsgtm.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Sana\Application Data\Mozilla\Profiles\default\pz4gsgtm.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Abu\Application Data\Mozilla\Firefox\Profiles\h6lpo1ac.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Abu\Application Data\Mozilla\Firefox\Profiles\h6lpo1ac.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Abu\Application Data\Mozilla\Firefox\Profiles\h6lpo1ac.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Abu\Application Data\Mozilla\Firefox\Profiles\h6lpo1ac.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Abu\Application Data\Mozilla\Firefox\Profiles\h6lpo1ac.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Abu\Application Data\Mozilla\Firefox\Profiles\h6lpo1ac.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Abu\Application Data\Mozilla\Firefox\Profiles\h6lpo1ac.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Abu\Application Data\Mozilla\Firefox\Profiles\h6lpo1ac.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Abu\Application Data\Mozilla\Firefox\Profiles\h6lpo1ac.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Abu\Application Data\Mozilla\Firefox\Profiles\h6lpo1ac.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Abu\Application Data\Mozilla\Firefox\Profiles\h6lpo1ac.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Abu\Application Data\Mozilla\Firefox\Profiles\h6lpo1ac.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Abu\Application Data\Mozilla\Firefox\Profiles\h6lpo1ac.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Abu\Application Data\Mozilla\Firefox\Profiles\h6lpo1ac.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Abu\Application Data\Mozilla\Firefox\Profiles\h6lpo1ac.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Abu\Application Data\Mozilla\Firefox\Profiles\h6lpo1ac.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Abu\Application Data\Mozilla\Firefox\Profiles\h6lpo1ac.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Abu\Application Data\Mozilla\Firefox\Profiles\h6lpo1ac.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Abu\Application Data\Mozilla\Firefox\Profiles\h6lpo1ac.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Abu\Application Data\Mozilla\Firefox\Profiles\h6lpo1ac.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Abu\Application Data\Mozilla\Firefox\Profiles\h6lpo1ac.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Abu\Application Data\Mozilla\Firefox\Profiles\h6lpo1ac.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Abu\Application Data\Mozilla\Firefox\Profiles\h6lpo1ac.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Abu\Application Data\Mozilla\Firefox\Profiles\h6lpo1ac.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Abu\Application Data\Mozilla\Firefox\Profiles\h6lpo1ac.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Abu\Application Data\Mozilla\Firefox\Profiles\h6lpo1ac.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Abu\Application Data\Mozilla\Firefox\Profiles\h6lpo1ac.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Abu\Application Data\Mozilla\Firefox\Profiles\h6lpo1ac.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Abu\Application Data\Mozilla\Firefox\Profiles\h6lpo1ac.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Abu\Application Data\Mozilla\Firefox\Profiles\h6lpo1ac.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Abu\Application Data\Mozilla\Firefox\Profiles\h6lpo1ac.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Abu\Application Data\Mozilla\Firefox\Profiles\h6lpo1ac.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Abu\Application Data\Mozilla\Firefox\Profiles\h6lpo1ac.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Abu\Application Data\Mozilla\Firefox\Profiles\h6lpo1ac.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Abu\Application Data\Mozilla\Firefox\Profiles\h6lpo1ac.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Abu\Application Data\Mozilla\Firefox\Profiles\h6lpo1ac.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Abu\Application Data\Mozilla\Firefox\Profiles\h6lpo1ac.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Abu\Application Data\Mozilla\Firefox\Profiles\h6lpo1ac.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Abu\Application Data\Mozilla\Firefox\Profiles\h6lpo1ac.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Abu\Application Data\Mozilla\Firefox\Profiles\h6lpo1ac.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Abu\Application Data\Mozilla\Firefox\Profiles\h6lpo1ac.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Abu\Application Data\Mozilla\Firefox\Profiles\h6lpo1ac.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Abu\Application Data\Mozilla\Firefox\Profiles\h6lpo1ac.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Abu\Application Data\Mozilla\Firefox\Profiles\h6lpo1ac.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Abu\Application Data\Mozilla\Firefox\Profiles\h6lpo1ac.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Abu\Application Data\Mozilla\Firefox\Profiles\h6lpo1ac.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Abu\Application Data\Mozilla\Firefox\Profiles\h6lpo1ac.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Abu\Application Data\Mozilla\Firefox\Profiles\h6lpo1ac.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Abu\Application Data\Mozilla\Firefox\Profiles\h6lpo1ac.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Abu\Application Data\Mozilla\Firefox\Profiles\h6lpo1ac.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Abu\Application Data\Mozilla\Firefox\Profiles\h6lpo1ac.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Abu\Application Data\Mozilla\Firefox\Profiles\h6lpo1ac.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Abu\Application Data\Mozilla\Firefox\Profiles\h6lpo1ac.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Abu\Application Data\Mozilla\Firefox\Profiles\h6lpo1ac.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Abu\Application Data\Mozilla\Firefox\Profiles\h6lpo1ac.default\cookies.txt -> Spyware.Cookie.Realtracker : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Abu\Application Data\Mozilla\Firefox\Profiles\h6lpo1ac.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\knht9emt.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\knht9emt.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup


::Report End
  • 0

#37
Maven911

Maven911

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
The previous one was Ewido Suite, my fault.

TrendMicro Online scan:

Virus Scan 20 viruses detected


Results:
We have detected 14 infected file(s) with 20 virus(es) on your computer. Only 0 out of 0 infected files are displayed.
Detected File Associated Virus Name
C:\Documents and Settings\Sana\.jpi_cache\jar\1.0\classload.jar-1f8050ce-12b59e21.zip
- GetAccess.class JAVA_BYTEVER.A
- InsecureClassLoader.class JAVA_BYTEVER.A
- Dummy.class JAVA_BYTEVER.A
- Installer.class JAVA_BYTEVER.A
C:\Documents and Settings\Abu\.jpi_cache\jar\1.0\classload.jar-1f8050ce-1c7d2de8.zip
- GetAccess.class JAVA_BYTEVER.A
- InsecureClassLoader.class JAVA_BYTEVER.A
- Dummy.class JAVA_BYTEVER.A
- Installer.class JAVA_BYTEVER.A
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP3\A0000863.exe TROJ_QHOST.AA
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP4\A0000895.exe TROJ_QHOST.AA
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP4\A0000912.exe TROJ_QHOST.AA
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP5\A0000962.EXE TROJ_QHOST.AA
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP6\A0000987.exe TROJ_QHOST.AA
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP6\A0001013.exe TROJ_QHOST.AA
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP6\A0002068.exe TROJ_QHOST.AA
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP6\A0002101.exe TROJ_QHOST.AA
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP6\A0002138.exe TROJ_QHOST.AA
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP7\A0002179.exe TROJ_QHOST.AA
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP7\A0002208.EXE TROJ_QHOST.AA
C:\System Volume Information\_restore{F191C836-CE66-451D-B93A-9320ECD1136F}\RP8\A0002246.exe TROJ_QHOST.AA




Trojan/Worm Check No worm/Trojan horse detected

What we checked:
Malicious activity by a Trojan horse program. Although a Trojan seems like a harmless program, it contains malicious code and once installed can cause damage to your computer.
Results:
We have detected 0 Trojan horse program(s) and worm(s) on your computer. Only 0 out of 0 Trojan horse programs and worms are displayed.
Trojan/Worm Name Trojan/Worm Type




Spyware Check No spyware program detected

What we checked:
Whether personal information was tracked and reported by spyware. Spyware is often installed secretly with legitimate programs downloaded from the Internet.
Results:
We have detected 0 spyware(s) on your computer. Only 0 out of 0 spywares are displayed.
Spyware Name Spyware Type




Microsoft Vulnerability Check 20 vulnerabilities detected
  • 0

#38
Maven911

Maven911

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
My Installed Programs List Log And HijackThis Log after that:

2000 National Industrial Select
3D CurveBall
3D UltraPong
Abuse for Windows - Full
AC3Filter (remove only)
Ad-Aware SE Personal
Adobe Reader 6.0
Agnitum Tauscan 1.7
Autodesk DWF Viewer
AVG Free Edition
BearShare
Belarc Advisor 6.1
Britannica Almanac 2005 CD
Canon MP Drivers
Canon MP Toolbox 4.1.1.0.mp10
CleanUp!
Cole2k Media - Codec Pack (Advanced)
Creative MediaSource
Creative WebCam Center
Creative WebCam Instant Driver (1.01.02.0729)
Creative WebCam Instant User's Guide (English)
DivX
DivX Player
DriverLINX Port I/O Driver
EPSON Answers Online Guide
ewido security suite
FAST2004
FaxTalk NetOnHold
Get Yahoo! Messenger
GIMPshop .1 beta
Google Earth Plus
GTAIII
Hexic Deluxe
HijackThis 1.99.1
IE Privacy Cleaner
InterActual Player
J2SE Development Kit 5.0 Update 1
J2SE Runtime Environment 5.0 Update 1
Java 2 Runtime Environment, SE v1.4.1_02
Java Web Start
JCreator LE 3.50
jEdit 4.2
Kaspersky Anti-Virus Web Scanner
Light Driver
Macromedia Shockwave Player
Maple 7
MATLAB 6.1
Microsoft AntiSpyware
Microsoft Internet Explorer 6 SP1
Microsoft Office 2000 Premium
Microsoft Visio Professional 2002 [English]
Mozilla Firefox (1.0.3)
MSN Add-in for Windows Messenger
MSN Gaming Zone
MSN Messenger 7.0
MSN Toolbar
MusicMatch Jukebox 4
Nero - Burning Rom
NetBeans IDE 4.0
NetoDragon 56K Voice Modem
Netscape (7.2)
OmniPage SE 2.0
PacShooter 1.0
Panda Antivirus Platinum
PowerDVD
QuickTime
RealPlayer
RegSupreme 1.2
Ricochet Lost Worlds: Recharged
ScreenCam Demo
ScreenVirtuoso Pro 1.5
Shareaza version 2.1.0.0
SMGlobal FastMaint 4.3.3
SoccerPong 3D
Spy Sweeper
Spybot - Search & Destroy 1.3
Spyware Doctor 3.1
Summer Bound 1.0
Symantec Worm Simulator
The Canadian Encyclopedia: World Edition
The Virus
Trend Micro Anti-Spyware
Uninstall VaroMan Manager
VaroMan
VCW VicMan's Photo Editor 7.82
Windows Registry Guide 2003
Windows XP Hotfix - KB823559
Windows XP Hotfix - KB828741
Windows XP Hotfix - KB833987
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB840987
Windows XP Hotfix - KB841356
Windows XP Hotfix - KB841533
Windows XP Hotfix - KB842773
Windows XP Hotfix - KB873376
Windows XP Hotfix - KB887822
Windows XP Hotfix (SP1) [See Q329048 for more information]
Windows XP Hotfix (SP1) [See Q329390 for more information]
Windows XP Hotfix (SP1) [See Q329441 for more information]
Windows XP Hotfix (SP1) [See Q329834 for more information]
Windows XP Hotfix (SP1) Q329170
Windows XP Hotfix (SP1) Q810577
Windows XP Hotfix (SP1) Q810833
Windows XP Hotfix (SP1) Q817606
Windows XP Hotfix (SP2) [See Q329115 for more information]
Windows XP Uninstall
WinPatrol
Working Model 3D Simulations
Working Model View 5.0


(On the list, The Virus is a game by the way)



HijackThis Log:


Logfile of HijackThis v1.99.1
Scan saved at 12:57:47 AM, on 08/08/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\ewido security suite\ewidoctrl.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-ca\msnappau.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Shan\Desktop\HijackThis.exe

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Shan\Application Data\Mozilla\Profiles\default\jw91rha3.slt\prefs.js)
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-ca\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-ca\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-ca\msnappau.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\RunServices: [Microsoft Update] msconfg.exe
O4 - HKCU\..\Run: [Microsoft Update] msconfg.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1121900481909
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{633A6F70-EC6F-4182-94D7-0081FEB099E6}: NameServer = 69.50.184.86,85.255.112.9
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0B34E30-24FD-4D36-9BC0-EC485D83B80C}: NameServer = 69.50.184.86,85.255.112.9
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido security suite\ewidoctrl.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MathLab\webserver\bin\win32\matlabserver.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Spy Sweeper\WRSSSDK.exe
  • 0

#39
Maven911

Maven911

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
I also ran Clean-up like u said.

I also uninstalled java runtime environment, then the control panel: Java plug-in changed to Java, and I was able to delete the 3 kinds of temp files...
but now I tried to install the newer version..and it give me an error every time....
It says: Error 1311 Source file does not exist. C:\Documents and Settings\Shan\Local Settings\Temporary Internet Files\Content IE.5\M9SV6DUB\ja1500000[1].cab.

...
  • 0

#40
Maven911

Maven911

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
So, I still have the redirection of URL's and there's no more "java plug-in" in my control panel, just "java"...

Also, I want you to take a look at this:
Ad-aware found this virus, and if you go to the solution page: http://www.trendmicr.....T.AA&VSect=Sn
you see that it makes reference to hclean32.exe (in the registry).

and then I ran ewido, and it also refound again hclean32.exe (as a file).

Interesting, don't you think?
  • 0

Advertisements


#41
therock247uk

therock247uk

    Expert

  • Expert
  • 14,671 posts
  • MVP
1. Make sure your PC is set to show all hidden files and folders go here for instructions on how to do this. http://www.xtra.co.n...1916458,00.html

2. Boot into safemode to do this keep tapping F8 on your keyboard while your PC is starting up you will get a menu select safemode.

3. While in safemode open Hijackthis and click scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis.

O1 - Hosts: localhost 127.0.0.1
O4 - HKLM\..\RunServices: [Microsoft Update] msconfg.exe
O4 - HKCU\..\Run: [Microsoft Update] msconfg.exe

4. Delete the files. (if present)

These files might either be found in C:\ C:\Windows or C:\Windows\System32 if found delete.

msconfg.exe

5. Reboot and post a new Hijackthis log here in a reply.
  • 0

#42
Maven911

Maven911

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Okay, ill do that once I get home,
and what about the Java plug-in on the control panel, how do I get it to change from "Java" to "Java plug-in". (Like it was before...)
  • 0

#43
therock247uk

therock247uk

    Expert

  • Expert
  • 14,671 posts
  • MVP
Not sure about that I just want to get you clean first.
  • 0

#44
Maven911

Maven911

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Hi, okay I want to be clean too :tazz:

Status: Still redirects URL's and little pop-ups come up saying my computer is infected by a spyware (done by the virus itself).

In safe mode, I deleted the two, but couldnt find:
O4 - HKCU\..\Run: [Microsoft Update] msconfg.exe

Also, there was no msconfig.exe in the C: and System's folders.
And it seems that after the rebbot, both of the things I deleted came bacK,
here's the log:

Logfile of HijackThis v1.99.1
Scan saved at 8:31:55 PM, on 08/08/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\ewido security suite\ewidoctrl.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-ca\msnappau.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\Documents and Settings\Shan\Desktop\HijackThis.exe

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Shan\Application Data\Mozilla\Profiles\default\jw91rha3.slt\prefs.js)
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-ca\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-ca\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-ca\msnappau.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [Microsoft Update] msconfg.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1121900481909
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{633A6F70-EC6F-4182-94D7-0081FEB099E6}: NameServer = 69.50.184.86,85.255.112.9
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0B34E30-24FD-4D36-9BC0-EC485D83B80C}: NameServer = 69.50.184.86,85.255.112.9
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido security suite\ewidoctrl.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MathLab\webserver\bin\win32\matlabserver.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Spy Sweeper\WRSSSDK.exe
  • 0

#45
Maven911

Maven911

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Okay,
the weirdest thing, one of the sites that redirects URL's, DIDN't do it..
I was shocked.
So I closed my browser, and went on the site again, but then it redirected it again... :tazz:

(Did deleting those things from Hijack this do that?)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP