HELP!! My Pc is infected w/ adlogix browser hijacker(RESOLVED)

  1. #1
    stussyboy99 is offline Junior Member

    I have this problem that other people have had.

    I just ran hijack this and here is the log report.

    I appreciate the help.

    Here is the result.

    Logfile of HijackThis v1.99.1
    Scan saved at 7:52:39 AM, on 6/4/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\Smc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Softex\OmniPass\OPXPApp.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\alg.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\DIGStream\digstream.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\Program Files\iPod\bin\iPodService.exe
    c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\WINDOWS\DvzCommon\DvzMsgr.exe
    C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
    C:\Program Files\Palm\HOTSYNC.EXE
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\WINDOWS\system32\zstatus.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Aladdin Systems\StuffIt\stuffit.exe
    C:\Documents and Settings\Owner\Desktop\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us8.hpwis.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us8.hpwis.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O1 - Hosts: localhost 127.0.0.1
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\system32\rpdtl.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\system32\rpdtl.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
    O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [KillAndClean] "C:\Program Files\KillAndClean\KillAndClean.exe"
    O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Startup: PowerReg SchedulerV2.exe
    O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: PowerReg Scheduler.exe
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{28B81F58-A8C7-400F-BEA1-6EBEB356E517}: NameServer = 85.255.116.78,85.255.112.227
    O17 - HKLM\System\CCS\Services\Tcpip\..\{67411ACD-F722-47C1-B76A-8B39717AF81B}: NameServer = 85.255.116.78,85.255.112.227
    O17 - HKLM\System\CCS\Services\Tcpip\..\{80833F60-490B-40C9-93E2-C58C93631E8C}: NameServer = 85.255.116.78,85.255.112.227
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A7A1E320-6359-4585-B57C-131E49E406B2}: NameServer = 85.255.116.78,85.255.112.227
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~2\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: hpdj - HP - C:\DOCUME~1\Owner\LOCALS~1\Temp\hpdj.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\Smc.exe


  2. #2
    Neal is offline Dedicated Member
    Welcome to DAL,


    You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

    Please download FixWareout from one of these sites:
    http://downloads.subratam.org/Fixwareout.exe
    http://www.bleepingcomputer.com/file...Fixwareout.exe

    Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
    The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

    Once the desktop loads please post the text that will open (report.txt) and a new Hijackthis log.

  3. #3
    stussyboy99 is offline Junior Member
    Thanks for this.

    here is the fixwareout report

    Fixwareout ver 1.003
    Last edited 04/26/2006
    Post this report in the forums please

    Reg Entries that were deleted
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\xedocne
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\repiwoh
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\23plhps
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\mgcppp
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\tesvaf
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\nlcalik
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\legmd
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\xedocne
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\gib_ogol
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\repiwoh
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llun
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\23plhps
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\mgcppp
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\tesvaf
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\nlcalik
    ...

    Microsoft (R) Windows Script Host Version 5.6
    Random Runs removed from HKLM
    "dmgel.exe"=-
    ...

    PLEASE NOTE, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
    Example ipsec6.exe is lagitamate

    »»»»» Search by size and names...
    * csr.exe C:\WINDOWS\System32\CSOWP.EXE

    »»»»» Misc files
    * thequicklink C:\WINDOWS\System32\RPDTL.DLL

    »»»»» Checking for older varients covered by the Rem3 tool

    »»»»»
    Search five digit cs, dm and jb files
    This WILL/CAN also list Legit Files, Submit them at Virustotal
    C:\WINDOWS\SYSTEM32\CSOWP.EXE 51,225 2006-06-04
    C:\WINDOWS\SYSTEM32\DMGEL.EXE 44,113 2004-08-04

    >>>>

    here is the hijack this report

    Logfile of HijackThis v1.99.1
    Scan saved at 3:34:23 PM, on 6/4/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\Smc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\Program Files\Softex\OmniPass\OPXPApp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\HP\KBD\KBD.EXE
    c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\DIGStream\digstream.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Yahoo!\Messenger\ypager.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\WINDOWS\DvzCommon\DvzMsgr.exe
    c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
    C:\Program Files\Palm\HOTSYNC.EXE
    C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Owner\Desktop\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8.hpwis.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us8.hpwis.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
    O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [KillAndClean] "C:\Program Files\KillAndClean\KillAndClean.exe"
    O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Startup: PowerReg SchedulerV2.exe
    O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: PowerReg Scheduler.exe
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{28B81F58-A8C7-400F-BEA1-6EBEB356E517}: NameServer = 85.255.116.78,85.255.112.227
    O17 - HKLM\System\CCS\Services\Tcpip\..\{67411ACD-F722-47C1-B76A-8B39717AF81B}: NameServer = 85.255.116.78,85.255.112.227
    O17 - HKLM\System\CCS\Services\Tcpip\..\{80833F60-490B-40C9-93E2-C58C93631E8C}: NameServer = 85.255.116.78,85.255.112.227
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A7A1E320-6359-4585-B57C-131E49E406B2}: NameServer = 85.255.116.78,85.255.112.227
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~2\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: hpdj - HP - C:\DOCUME~1\Owner\LOCALS~1\Temp\hpdj.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\Smc.exe

    >>>

    Thanks

    stussyboy99

  4. #4
    Neal is offline Dedicated Member
    Thanks, next step:



    Please download, install, and update the NEW free version of Ewido trojan scanner:

    When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".

    When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.

    From the main ewido screen, click on update in the left menu, then click the Start update button.

    After the update finishes (the status bar at the bottom will display "Update successful"), click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.

    If ewido finds anything, it will pop up a notification. We have been finding some cases of false positives with the new version of Ewido, so we need to step through the fixes one-by-one. If Ewido finds something that you KNOW is legitimate (for example, parts of AVG Antivirus, pcAnywhere and the game "Risk" have been flagged), select "none" as the action. DO NOT check "Perform action with all infections". If you are unsure of an entry, select "none" for the time being. I'll see that in the log you will post later and let you know if ewido needs to be run again.

    When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.

    Post the log Ewido makes back here please and a new hijackthis log. Thanks.




    Also...



    Go here http://www.bitdefender.com/scan8/ie.html and run an online scan with BitDefender (you will need to use Internet Explorer for this scan). When the ActiveX Control has loaded, click on "Click here to scan" and grab a coffee.

    When BitDefender completes the scan, select the "Detected Problems" tab. Click on "Click here to export scan". Save the file as an HTML to your Desktop. Then click on the saved file and allow it to open with your browser. Go to Edit - Select All then copy/paste that log back here. Post back and let us know what it found (post the log).

    And post a new HJT log also.

  5. #5
    stussyboy99 is offline Junior Member
    okay. here is the ewido log report. sorry for the delay, it took a couple of passes to do it.
    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 12:14:05 AM, 6/7/2006
    + Report-Checksum: F9E67CD1

    + Scan result:

    :mozilla.14:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.15:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.16:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.17:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.18:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.19:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.20:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.21:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.28:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.29:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.30:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.933:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
    :mozilla.940:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Sitestat : Cleaned with backup
    :mozilla.941:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Sitestat : Cleaned with backup
    :mozilla.948:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.956:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned with backup
    :mozilla.957:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned with backup
    :mozilla.958:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned with backup
    :mozilla.959:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned with backup
    :mozilla.960:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned with backup
    :mozilla.961:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned with backup
    :mozilla.962:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned with backup
    :mozilla.963:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned with backup
    :mozilla.964:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned with backup
    :mozilla.965:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned with backup
    :mozilla.966:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned with backup
    :mozilla.967:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned with backup
    :mozilla.968:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned with backup
    :mozilla.969:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned with backup
    :mozilla.970:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned with backup
    :mozilla.988:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned with backup
    :mozilla.993:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
    C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\Owner\Cookies\owner@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned with backup
    C:\Documents and Settings\Owner\Cookies\owner@com[1].txt -> TrackingCookie.Com : Cleaned with backup
    C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup
    C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@centrport[1].txt -> TrackingCookie.Centrport : Cleaned with backup
    C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
    C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@qksrv[1].txt -> TrackingCookie.Qksrv : Cleaned with backup
    C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup
    C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@spylog[1].txt -> TrackingCookie.Spylog : Cleaned with backup
    C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
    C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmiwicpwdoqydj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
    C:\RECYCLER\S-1-5-21-2367779069-2911023937-329158131-1003\Dc4.exe -> Hijacker.Small.kg : Cleaned with backup
    C:\RECYCLER\S-1-5-21-2367779069-2911023937-329158131-1003\Dc5.exe -> Trojan.Hoster : Cleaned with backup
    C:\RECYCLER\S-1-5-21-2367779069-2911023937-329158131-1003\Dc6.exe -> Adware.Msnagent : Cleaned with backup
    C:\RECYCLER\S-1-5-21-2367779069-2911023937-329158131-1003\Dc7.exe -> Adware.FindSpy : Cleaned with backup
    C:\WINDOWS\system32\dmgel.exe -> Trojan.Pakes : Cleaned with backup
    C:\WINDOWS\system32\rpdtl.dll -> Adware.SBSoft : Cleaned with backup


    ::Report End

    here is the hijack this log

    Logfile of HijackThis v1.99.1
    Scan saved at 12:14:44 AM, on 6/7/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\Smc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\Program Files\Softex\OmniPass\OPXPApp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\HP\KBD\KBD.EXE
    c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\DIGStream\digstream.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Yahoo!\Messenger\ypager.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\DvzCommon\DvzMsgr.exe
    c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
    C:\Program Files\Palm\HOTSYNC.EXE
    C:\WINDOWS\system32\ntvdm.exe
    C:\WINDOWS\system32\zstatus.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\ewido anti-malware\SecuritySuite.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Owner\Desktop\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8.hpwis.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us8.hpwis.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
    O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [KillAndClean] "C:\Program Files\KillAndClean\KillAndClean.exe"
    O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Startup: PowerReg SchedulerV2.exe
    O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: PowerReg Scheduler.exe
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{28B81F58-A8C7-400F-BEA1-6EBEB356E517}: NameServer = 85.255.116.78,85.255.112.227
    O17 - HKLM\System\CCS\Services\Tcpip\..\{67411ACD-F722-47C1-B76A-8B39717AF81B}: NameServer = 85.255.116.78,85.255.112.227
    O17 - HKLM\System\CCS\Services\Tcpip\..\{80833F60-490B-40C9-93E2-C58C93631E8C}: NameServer = 85.255.116.78,85.255.112.227
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A7A1E320-6359-4585-B57C-131E49E406B2}: NameServer = 85.255.116.78,85.255.112.227
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~2\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: hpdj - HP - C:\DOCUME~1\Owner\LOCALS~1\Temp\hpdj.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\Smc.exe

    I will have to post the BitDefender results once I have done it

    thanks again

    stussyboy99

  6. #6
    stussyboy99 is offline Junior Member
    hi there.

    here is the bitdefender log

    BitDefender Online Scanner

    Scan report generated at: Wed, Jun 07, 2006 - 03:45:58

    Scan path: A:\;C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;

    Statistics
    Time: 03:16:00
    Files: 899599
    Folders: 9650
    Boot Sectors: 3
    Archives: 31423
    Packed Files: 74343

    Results
    Identified Viruses: 14
    Infected Files: 29
    Suspect Files: 2
    Warnings: 0
    Disinfected: 0
    Deleted Files: 31

    Engines Info
    Virus Definitions: 386750
    Engine build: AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
    Scan plugins: 13
    Archive plugins: 40
    Unpack plugins: 4
    E-mail plugins: 6
    System plugins: 1

    Scan Settings
    First Action: Disinfect
    Second Action: Delete
    Heuristics: Yes
    Enable Warnings: Yes
    Scanned Extensions: *;
    Exclude Extensions:
    Scan Emails: Yes
    Scan Archives: Yes
    Scan Packed: Yes
    Scan Files: Yes
    Scan Boot: Yes

    Scanned File
    Status

    C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-619fd2ca.zip=>SandBoxEscape.class
    Infected with: Trojan.Java.Byteverify.Exploit.B

    C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-619fd2ca.zip=>SandBoxEscape.class
    Disinfection failed

    C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-619fd2ca.zip=>SandBoxEscape.class
    Deleted

    C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-619fd2ca.zip
    Updated

    C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-619fd2ca.zip=>SuperMSClassLoader.class
    Infected with: Trojan.Exploit.ByteVerify.L

    C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-619fd2ca.zip=>SuperMSClassLoader.class
    Disinfection failed

    C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-619fd2ca.zip=>SuperMSClassLoader.class
    Deleted

    C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-619fd2ca.zip
    Updated

    C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-619fd2ca.zip=>NewURLClassLoader.class
    Infected with: Java.Trojan.Exploit.Bytverify

    C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-619fd2ca.zip=>NewURLClassLoader.class
    Disinfection failed

    C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-619fd2ca.zip=>NewURLClassLoader.class
    Deleted

    C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-619fd2ca.zip
    Updated

    C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-619fd2ca.zip=>Installer.class
    Infected with: Trojan.Exploit.ByteVerify.L

    C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-619fd2ca.zip=>Installer.class
    Disinfection failed

    C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-619fd2ca.zip=>Installer.class
    Deleted

    C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-619fd2ca.zip
    Updated

    C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-5fa973e1-4a2e9125.zip=>GetAccess.class
    Infected with: Java.Trojan.Exploit.Bytverify

    C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-5fa973e1-4a2e9125.zip=>GetAccess.class
    Disinfection failed

    C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-5fa973e1-4a2e9125.zip=>GetAccess.class
    Deleted

    C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-5fa973e1-4a2e9125.zip
    Updated

    C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-5fa973e1-4a2e9125.zip=>InsecureClassLoader.class
    Infected with: Java.Trojan.Exploit.Bytverify

    C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-5fa973e1-4a2e9125.zip=>InsecureClassLoader.class
    Disinfection failed

    C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-5fa973e1-4a2e9125.zip=>InsecureClassLoader.class
    Deleted

    C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-5fa973e1-4a2e9125.zip
    Updated

    C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-5fa973e1-4a2e9125.zip=>Dummy.class
    Infected with: Trojan.Java.Classloader.Dummy.A

    C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-5fa973e1-4a2e9125.zip=>Dummy.class
    Disinfection failed

    C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-5fa973e1-4a2e9125.zip=>Dummy.class
    Deleted

    C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-5fa973e1-4a2e9125.zip
    Updated

    C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-5fa973e1-4a2e9125.zip=>Installer.class
    Infected with: Java.Trojan.OpenConnection.F

    C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-5fa973e1-4a2e9125.zip=>Installer.class
    Disinfection failed

    C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-5fa973e1-4a2e9125.zip=>Installer.class
    Deleted

    C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-5fa973e1-4a2e9125.zip
    Updated

    C:\Documents and Settings\Owner\Local Settings\Temp\start.exe
    Suspected of: Trojan.Downloader.Small.Gen

    C:\Documents and Settings\Owner\Local Settings\Temp\start.exe
    Disinfection failed

    C:\Documents and Settings\Owner\Local Settings\Temp\start.exe
    Deleted

    C:\Documents and Settings\Owner\Local Settings\Temp\svchost.exe
    Suspected of: BehavesLike:Trojan.Downloader

    C:\Documents and Settings\Owner\Local Settings\Temp\svchost.exe
    Disinfection failed

    C:\Documents and Settings\Owner\Local Settings\Temp\svchost.exe
    Deleted

    C:\hp\bin\Terminator.exe
    Infected with: Trojan.Killapp.30208.A

    C:\hp\bin\Terminator.exe
    Disinfection failed

    C:\hp\bin\Terminator.exe
    Deleted

    C:\RECYCLER\S-1-5-21-2367779069-2911023937-329158131-1003\Dc35\prompt[1].htm
    Infected with: Trojan.Isbar.83

    C:\RECYCLER\S-1-5-21-2367779069-2911023937-329158131-1003\Dc35\prompt[1].htm
    Disinfection failed

    C:\RECYCLER\S-1-5-21-2367779069-2911023937-329158131-1003\Dc35\prompt[1].htm
    Deleted

    C:\RECYCLER\S-1-5-21-2367779069-2911023937-329158131-1003\Dc46\online[10].htm
    Infected with: JS.Trojan.Downloader.IstBar.A

    C:\RECYCLER\S-1-5-21-2367779069-2911023937-329158131-1003\Dc46\online[10].htm
    Disinfection failed

    C:\RECYCLER\S-1-5-21-2367779069-2911023937-329158131-1003\Dc46\online[10].htm
    Deleted

    C:\RECYCLER\S-1-5-21-2367779069-2911023937-329158131-1003\Dc46\online[2].htm
    Infected with: JS.Trojan.Downloader.IstBar.A

    C:\RECYCLER\S-1-5-21-2367779069-2911023937-329158131-1003\Dc46\online[2].htm
    Disinfection failed

    C:\RECYCLER\S-1-5-21-2367779069-2911023937-329158131-1003\Dc46\online[2].htm
    Deleted

    C:\RECYCLER\S-1-5-21-2367779069-2911023937-329158131-1003\Dc46\online[5].htm
    Infected with: JS.Trojan.Downloader.IstBar.A

    C:\RECYCLER\S-1-5-21-2367779069-2911023937-329158131-1003\Dc46\online[5].htm
    Disinfection failed

    C:\RECYCLER\S-1-5-21-2367779069-2911023937-329158131-1003\Dc46\online[5].htm
    Deleted

    C:\RECYCLER\S-1-5-21-2367779069-2911023937-329158131-1003\Dc46\online[7].htm
    Infected with: JS.Trojan.Downloader.IstBar.A

    C:\RECYCLER\S-1-5-21-2367779069-2911023937-329158131-1003\Dc46\online[7].htm
    Disinfection failed

    C:\RECYCLER\S-1-5-21-2367779069-2911023937-329158131-1003\Dc46\online[7].htm
    Deleted

    C:\RECYCLER\S-1-5-21-2367779069-2911023937-329158131-1003\Dc46\prompt[1].htm
    Infected with: Trojan.Isbar.83

    C:\RECYCLER\S-1-5-21-2367779069-2911023937-329158131-1003\Dc46\prompt[1].htm
    Disinfection failed

    C:\RECYCLER\S-1-5-21-2367779069-2911023937-329158131-1003\Dc46\prompt[1].htm
    Deleted

    C:\RECYCLER\S-1-5-21-2367779069-2911023937-329158131-1003\Dc46\prompt[2].htm
    Infected with: Trojan.Isbar.83

    C:\RECYCLER\S-1-5-21-2367779069-2911023937-329158131-1003\Dc46\prompt[2].htm
    Disinfection failed

    C:\RECYCLER\S-1-5-21-2367779069-2911023937-329158131-1003\Dc46\prompt[2].htm
    Deleted

    C:\RECYCLER\S-1-5-21-2367779069-2911023937-329158131-1003\Dc46\prompt[3].htm
    Infected with: Trojan.Isbar.83

    C:\RECYCLER\S-1-5-21-2367779069-2911023937-329158131-1003\Dc46\prompt[3].htm
    Disinfection failed

    C:\RECYCLER\S-1-5-21-2367779069-2911023937-329158131-1003\Dc46\prompt[3].htm
    Deleted

    C:\RECYCLER\S-1-5-21-2367779069-2911023937-329158131-1003\Dc46\prompt[4].htm
    Infected with: Trojan.Isbar.83

    C:\RECYCLER\S-1-5-21-2367779069-2911023937-329158131-1003\Dc46\prompt[4].htm
    Disinfection failed

    C:\RECYCLER\S-1-5-21-2367779069-2911023937-329158131-1003\Dc46\prompt[4].htm
    Deleted

    C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP1075\A0245265.exe
    Infected with: Trojan.Downloader.FFZ

    C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP1075\A0245265.exe
    Disinfection failed

    C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP1075\A0245265.exe
    Deleted

    C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP1075\A0245274.exe
    Infected with: MemScan:Trojan.Small.AA

    C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP1075\A0245274.exe
    Disinfection failed

    C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP1075\A0245274.exe
    Deleted

    C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP1075\A0245278.exe
    Infected with: Trojan.Downloader.FFZ

    C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP1075\A0245278.exe
    Disinfection failed

    C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP1075\A0245278.exe
    Deleted

    C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP1075\A0245285.exe
    Infected with: MemScan:Trojan.Small.AA

    C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP1075\A0245285.exe
    Disinfection failed

    C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP1075\A0245285.exe
    Deleted

    C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP1078\A0245396.exe
    Infected with: Trojan.Downloader.Small.AOR

    C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP1078\A0245396.exe
    Disinfection failed

    C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP1078\A0245396.exe
    Deleted

    C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP1078\A0245398.exe
    Infected with: Trojan.Fakealert

    C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP1078\A0245398.exe
    Disinfection failed

    C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP1078\A0245398.exe
    Deleted

    C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP1078\A0245399.exe
    Infected with: Trojan.Click.526

    C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP1078\A0245399.exe
    Disinfection failed

    C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP1078\A0245399.exe
    Deleted

    C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP1078\A0245400.exe
    Infected with: MemScan:Trojan.Small.AA

    C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP1078\A0245400.exe
    Disinfection failed

    C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP1078\A0245400.exe
    Deleted

    C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP1078\A0245401.dll
    Detected with: Adware.Iectr.A

    C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP1078\A0245401.dll
    Disinfection failed

    C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP1078\A0245401.dll
    Deleted

    C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP1078\A0245406.exe
    Infected with: Trojan.Killapp.30208.A

    C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP1078\A0245406.exe
    Disinfection failed

    C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP1078\A0245406.exe
    Deleted

    C:\WINDOWS\system32\csowp.exe
    Infected with: Trojan.Downloader.FFZ

    C:\WINDOWS\system32\csowp.exe
    Disinfection failed

    C:\WINDOWS\system32\csowp.exe
    Deleted



    and here is the new Logfile of HijackThis v1.99.1


    Scan saved at 7:07:03 AM, on 6/7/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\Smc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\Program Files\Softex\OmniPass\OPXPApp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\HP\KBD\KBD.EXE
    c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\DIGStream\digstream.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Yahoo!\Messenger\ypager.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\DvzCommon\DvzMsgr.exe
    c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
    C:\Program Files\Palm\HOTSYNC.EXE
    C:\WINDOWS\system32\ntvdm.exe
    C:\WINDOWS\system32\zstatus.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Owner\Desktop\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8.hpwis.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us8.hpwis.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
    O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [KillAndClean] "C:\Program Files\KillAndClean\KillAndClean.exe"
    O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Startup: PowerReg SchedulerV2.exe
    O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: PowerReg Scheduler.exe
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{28B81F58-A8C7-400F-BEA1-6EBEB356E517}: NameServer = 85.255.116.78,85.255.112.227
    O17 - HKLM\System\CCS\Services\Tcpip\..\{67411ACD-F722-47C1-B76A-8B39717AF81B}: NameServer = 85.255.116.78,85.255.112.227
    O17 - HKLM\System\CCS\Services\Tcpip\..\{80833F60-490B-40C9-93E2-C58C93631E8C}: NameServer = 85.255.116.78,85.255.112.227
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A7A1E320-6359-4585-B57C-131E49E406B2}: NameServer = 85.255.116.78,85.255.112.227
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~2\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: hpdj - HP - C:\DOCUME~1\Owner\LOCALS~1\Temp\hpdj.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\Smc.exe

    k this log

  7. #7
    Neal is offline Dedicated Member
    Hi,



    Create a folder such as C:\HJT or C:\Program Files\HJT and move HJT.exe into the newly created folder so we can have available backups in case you fix the wrong thing or I make a mistake. Very important.


    Run hijackthis, click on the scan button and put checks next to these:


    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe

    O17 - HKLM\System\CCS\Services\Tcpip\..\{28B81F58-A8C7-400F-BEA1-6EBEB356E517}: NameServer = 85.255.116.78,85.255.112.227
    O17 - HKLM\System\CCS\Services\Tcpip\..\{67411ACD-F722-47C1-B76A-8B39717AF81B}: NameServer = 85.255.116.78,85.255.112.227
    O17 - HKLM\System\CCS\Services\Tcpip\..\{80833F60-490B-40C9-93E2-C58C93631E8C}: NameServer = 85.255.116.78,85.255.112.227
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A7A1E320-6359-4585-B57C-131E49E406B2}: NameServer = 85.255.116.78,85.255.112.227



    Make sure nothing is open but hijackthis and click on fix checked.


    Now reboot into safe mode by tapping your F8 key upon restart; when the safe mode screen appears, select safe mode and press Enter.


    Navigate to these files or folders using Windows Explorer (OR Start -> Search) and delete (if present):


    DELETE FILES:

    ALCXMNTR.EXE


    Reboot into normal mode, find the file below, right-click it, select Properties and post that info, if any.

    C:\DOCUME~1\Owner\LOCALS~1\Temp\hpdj.exe
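
Added example, not part of Neal's post or of HijackThis itself: a small Python triage of the log lines the post above singles out. It flags O17 NameServer values outside a resolver set you trust, O23 services whose binary sits in a Temp folder, and entries marked "(file missing)". The `triage` function, the `trusted_dns` parameter and the 192.0.2.53 resolver are assumptions made for illustration; the sample lines are copied from the log in this thread.

```python
import re

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{28B81F58-A8C7-400F-BEA1-6EBEB356E517}: NameServer = 85.255.116.78,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{67411ACD-F722-47C1-B76A-8B39717AF81B}: NameServer = 85.255.116.78,85.255.112.227
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~2\msgrapp.dll" (file missing)
O23 - Service: hpdj - HP - C:\DOCUME~1\Owner\LOCALS~1\Temp\hpdj.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

ENTRY = re.compile(r"^\s*(O\d+|R\d) - (.*)$")               # section code, rest of line
O17_NS = re.compile(r"\{([0-9A-Fa-f-]{36})\}: NameServer = (.+)$")
TEMP_DIR = re.compile(r"\\te?mp\\", re.I)                   # ...\Temp\ or ...\tmp\


def triage(log_text, trusted_dns):
    """Return (rogue_dns, temp_services, missing) from a HijackThis log.

    rogue_dns maps each untrusted resolver IP to the interface GUIDs using it;
    trusted_dns is the analyst's own allowlist (hypothetical parameter).
    """
    rogue_dns, temp_services, missing = {}, [], []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue                      # process list, headers, blank lines
        section, body = m.groups()
        if section == "O17":
            ns = O17_NS.search(body)
            if ns:
                guid, servers = ns.groups()
                for ip in re.split(r"[,\s]+", servers.strip()):
                    if ip and ip not in trusted_dns:
                        rogue_dns.setdefault(ip, []).append(guid)
        elif section == "O23":
            path = body.rsplit(" - ", 1)[-1]   # image path is the last field
            if TEMP_DIR.search(path):
                temp_services.append(path)
        if body.rstrip().endswith("(file missing)"):
            missing.append(line.strip())
    return rogue_dns, temp_services, missing


if __name__ == "__main__":
    # 192.0.2.53 is a constructed stand-in for the resolver your ISP or router hands out.
    dns, temp, gone = triage(SAMPLE_LOG, trusted_dns={"192.0.2.53"})
    for ip, guids in dns.items():
        print(f"untrusted NameServer {ip} set on {len(guids)} interface(s)")
    for path in temp:
        print(f"service binary in Temp: {path}")
    for entry in gone:
        print(f"dangling entry: {entry}")
```

The same NameServer pair written to every interface GUID is the pattern to look for: one changed adapter can be a deliberate static setting, while identical values on all of them point to something rewriting the Tcpip keys.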

  8. #8
    stussyboy99 is offline Junior Member
    Neal

    Excuse my ignorance, but where do I find the hijack this.exe? I have the application as an icon on my desktop, but when I try to move it, it just creates a shortcut to it in the folder I created in the C drive called HJT. I found a hijack this .exe file when I searched, but this was identified as a StuffIt encoded file. Is this what I am looking for?

    All the files you have listed do exist when you run a hijack this scan, but it's the first stage that has thrown me.

    Can you talk me through it?

    sorry.

    stussyboy99

  9. #9
    stussyboy99 is offline Junior Member
    Also, i/explorer was run tonight (I normally run Firefox) after the above was carried out and weird things happened. Also, I got a warning from my computer that spyware was present. Was running i/explorer a bad thing to do? Do we need to go back and do any of the steps again?
    My Windows browsers now have unwanted search toolbars that had appeared before, but had disappeared during the course of doing the above actions you had told me to do.

    sorry to be such a newbie.

  10. #10
    Neal is offline Dedicated Member
    No problem,


    Delete the hijackthis you now have


    Just go to this link here: www.merijn.org/files/hijackthis_sfx.exe


    That link will install hijackthis to the proper place automatically; right now it is on the desktop.
