Got some kind of backdoor (New)

IGotHijacked (Junior Member with 28 posts, Join Date: Mar 2004)
19-Sep-2006, 07:53 PM #16
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»
Logfile created on: 9/19/2006 7:28:37 PM
WinPFind v1.5.0 Folder = C:\Documents and Settings\Carl Davis\Desktop\WinPFind\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...
PEC2 9/17/2006 10:23:34 PM 82944 C:\dllmx.exe ()
PECompact2 9/17/2006 10:23:34 PM 82944 C:\dllmx.exe ()
PEC2 9/12/2006 11:51:52 PM 43520 C:\logn.exe ()
PECompact2 9/12/2006 11:51:52 PM 43520 C:\logn.exe ()
UPX! 9/14/2006 8:04:26 PM 48640 C:\pmcb.exe ()

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
UPX! 8/30/2005 10:41:36 PM 65536 C:\WINDOWS\IFinst27.exe ()

Checking %System% folder...
PEC2 9/3/2002 3:36:16 PM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc ()
PEC2 8/9/2005 6:14:00 PM 692736 C:\WINDOWS\SYSTEM32\DivX.dll (DivXNetworks)
PECompact2 8/9/2005 6:14:00 PM 692736 C:\WINDOWS\SYSTEM32\DivX.dll (DivXNetworks)
UPX! 9/17/2006 10:04:12 PM 48640 C:\WINDOWS\SYSTEM32\ktqcjm.exe ()
PTech 6/19/2006 4:19:42 PM 571184 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll (Microsoft Corporation)
PECompact2 8/2/2006 9:22:50 PM 8255912 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack 8/2/2006 9:22:50 PM 8255912 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
WSUD 8/4/2004 3:56:54 AM 1200128 C:\WINDOWS\SYSTEM32\ntbackup.exe (Microsoft Corporation)
aspack 8/4/2004 3:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll (Microsoft Corporation)
WSUD 8/4/2004 3:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
Umonitor 8/4/2004 3:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
winsync 9/3/2002 4:02:12 PM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu ()
PTech 6/19/2006 4:19:26 PM 304944 C:\WINDOWS\SYSTEM32\WgaTray.exe (Microsoft Corporation)

Checking %System%\Drivers folder and sub-folders...
PTech 8/4/2004 1:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys (Smart Link)

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
9/19/2006 7:27:08 PM S 2048 C:\WINDOWS\bootstat.dat ()
9/14/2006 12:24:48 AM HS 40973 C:\WINDOWS\system32\khfggfc.dll ()
9/17/2006 3:10:32 AM HS 923698 C:\WINDOWS\system32\vuuvw.bak1 ()
9/19/2006 4:06:06 PM HS 915324 C:\WINDOWS\system32\vuuvw.bak2 ()
9/19/2006 7:16:14 PM HS 920229 C:\WINDOWS\system32\vuuvw.ini ()
7/28/2006 8:16:08 AM S 23751 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB918899.cat ()
7/27/2006 10:00:28 AM S 10337 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB920214.cat ()
9/19/2006 7:26:54 PM H 8192 C:\WINDOWS\system32\config\default.LOG ()
9/19/2006 7:27:22 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG ()
9/19/2006 7:27:08 PM H 12288 C:\WINDOWS\system32\config\SECURITY.LOG ()
9/19/2006 7:35:16 PM H 204800 C:\WINDOWS\system32\config\software.LOG ()
9/19/2006 7:27:26 PM H 937984 C:\WINDOWS\system32\config\system.LOG ()
8/9/2006 5:21:16 PM H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG ()
8/19/2006 9:04:58 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\62b168c9-9be5-4adc-8f0e-f4e7e833b734 ()
8/19/2006 9:04:58 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred ()
9/19/2006 7:26:08 PM H 6 C:\WINDOWS\Tasks\SA.DAT ()
9/14/2006 12:25:18 AM HS 43 C:\WINDOWS\Temp\removalfile.bat ()

Checking for CPL files...
8/4/2004 3:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
11/10/2005 1:03:50 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl (Sun Microsystems, Inc.)
9/3/2002 3:42:42 PM 187904 C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
9/3/2002 3:48:36 PM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
10/26/2004 12:01:00 PM 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl (NVIDIA Corporation)
9/3/2002 3:50:50 PM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
9/23/2004 6:57:40 PM 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl (Apple Computer, Inc.)
11/11/2002 5:57:32 PM 77824 C:\WINDOWS\SYSTEM32\STAC97.cpl (SigmaTel Inc.)
8/4/2004 3:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
9/3/2002 3:59:00 PM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl (Microsoft Corporation)
5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)
9/3/2002 3:42:42 PM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl (Microsoft Corporation)
9/3/2002 3:48:36 PM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl (Microsoft Corporation)
9/3/2002 3:50:50 PM 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl (Microsoft Corporation)
9/3/2002 3:59:00 PM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl (Microsoft Corporation)
5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl (Microsoft Corporation)
2/10/2003 9:27:00 AM 139264 C:\WINDOWS\SYSTEM32\ReinstallBackups\0001\DriverFiles\nvtuicpl.cpl (NVIDIA Corporation)

Checking for Downloaded Program Files...
{3451DEDE-631F-421C-8127-FD793AFC6CC8} - ActiveDataInfo Class - CodeBase = http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
{44990200-3C9D-426D-81DF-AAB636FA4345} - Symantec SmartIssue - CodeBase = http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
{44990301-3C9D-426D-81DF-AAB636FA4345} - Symantec Script Runner Class - CodeBase = http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - Java Plug-in 1.5.0_01 - CodeBase = http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://download.macromedia.com/pub/s...sh/swflash.cab
DirectAnimation Java Classes - - CodeBase = file://C:\WINDOWS\Java\classes\dajava.cab
Microsoft XML Parser for Java - - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab
Yahoo! Literati - - CodeBase = http://download.games.yahoo.com/game...ts/y/tt3_x.cab
Yahoo! Pool 2 - - CodeBase = http://download.games.yahoo.com/game...s/y/pote_x.cab

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
5/24/2005 4:20:02 PM 1757 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk ()
5/22/2005 4:21:14 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()
8/25/2005 7:52:46 PM 815 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Post-it® Software Notes Lite.lnk ()

Checking files in %ALLUSERSPROFILE%\Application Data folder...
5/22/2005 12:29:32 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini ()

Checking files in %USERPROFILE%\Startup folder...
5/22/2005 4:21:14 PM HS 84 C:\Documents and Settings\Carl Davis\Start Menu\Programs\Startup\desktop.ini ()

Checking files in %USERPROFILE%\Application Data folder...
5/24/2005 4:18:40 PM 875 C:\Documents and Settings\Carl Davis\Application Data\AdobeDLM.log ()
5/22/2005 12:29:32 PM HS 62 C:\Documents and Settings\Carl Davis\Application Data\desktop.ini ()
5/24/2005 4:18:40 PM 0 C:\Documents and Settings\Carl Davis\Application Data\dm.ini ()
5/7/2006 10:57:12 AM 0 C:\Documents and Settings\Carl Davis\Application Data\sversion.ini ()

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»

>>> Internet Explorer Settings <<<


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
\\Search Page - http://www.microsoft.com/isapi/redir...ie&ar=iesearch
\\Default_Page_URL - http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
\\Default_Search_URL - http://www.microsoft.com/isapi/redir...ie&ar=iesearch
\\Local Page - %SystemRoot%\system32\blank.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
\\Search Page - http://www.microsoft.com/isapi/redir...ie&ar=iesearch
\\Local Page - C:\WINDOWS\system32\blank.htm

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
\\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
\\SearchAssistant - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

>>> BHO's <<<
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
\{0D830E1D-7892-4E2A-8643-0C14BA9EA6E8} - = C:\WINDOWS\system32\wvuuv.dll ()
\{53707962-6F74-2D53-2644-206D7942484F} - = C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
\{A7327C09-B521-4EDB-8509-7D2660C9EC98} - Viewpoint Toolbar BHO = C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBarBHO.dll (Viewpoint Corporation)
\{B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - = C:\WINDOWS\system32\vjytthnn.dll ()

>>> Internet Explorer Bars, Toolbars and Extensions <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
\{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
\{32683183-48a0-441b-a342-7c2a440a9478} - = ()
\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} - File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
\\{6E94ACD5-2C6A-48AC-84EF-A4DE746D385F} - NewsStand Toolbar = C:\Program Files\NewsStand\Reader\NSIETool.dll (NewsStand, Inc.)
\\{F8AD5AA5-D966-4667-9DAF-2561D68B2012} - Viewpoint Toolbar = C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll (Viewpoint Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
\ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
\\NEXTID - 8196
\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - 8193 =
\\{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8194 = Windows Messenger
\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8195 = Sun Java Console

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll (Sun Microsystems, Inc.)
\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)(HKCU CLSID)
\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - ButtonText: AIM = C:\Program Files\AIM\aim.exe (America Online, Inc.)
\{FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger = C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

>>> Approved Shell Extensions (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
\\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = deskpan.dll ()
\\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = ()
\\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = ()
\\{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\System32\hticons.dll (Hilgraeve, Inc.)
\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = ()
\\{32683183-48a0-441b-a342-7c2a440a9478} - Media Band = ()
\\{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = ()
\\{1CDB2949-8F65-4355-8456-263E7C208A5D} - Desktop Explorer = C:\WINDOWS\System32\nvshell.dll (NVIDIA Corporation)
\\{1E9B04FB-F9E5-4718-997B-B8DA88302A47} - Desktop Explorer Menu = C:\WINDOWS\System32\nvshell.dll (NVIDIA Corporation)
\\{BDA77241-42F6-11d0-85E2-00AA001FE28C} - LDVP Shell Extensions = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll (Symantec Corporation)
\\{A70C977A-BF00-412C-90B7-034C51DA2439} - NvCpl DesktopContext Class = C:\WINDOWS\System32\nvcpl.dll (NVIDIA Corporation)
\\{FFB699E0-306A-11d3-8BD1-00104B6F7516} - Play on my TV helper = C:\WINDOWS\System32\nvcpl.dll (NVIDIA Corporation)
\\{1E9B04FB-F9E5-4718-997B-B8DA88302A48} - nView Desktop Context Menu = C:\WINDOWS\System32\nvshell.dll (NVIDIA Corporation)
\\{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} - iTunes = C:\Program Files\iTunes\iTunesMiniPlayer.dll (Apple Computer, Inc.)
\\{248A7248-2D62-4B49-ACFB-0C1B70C04F0D} - PKZIP Shell Extension = C:\Program Files\Common Files\PKWARE\PKZIP7\PKCOM700.dll (PKWARE, Inc.)
\\{E0D79304-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
\\{E0D79305-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
\\{E0D79306-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
\\{E0D79307-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
\\{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = C:\Program Files\Real\RealPlayer\rpshell.dll (RealNetworks, Inc.)
\\{28710882-150A-48A6-A858-2FC774BA822E} - Viewpoint Photos Shell Extension = C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewpointPhotosShellExt.dll (Viewpoint Corporation)
\\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} - OpenOffice.org Column Handler = "C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll" (Sun Microsystems, Inc.)
\\{087B3AE3-E237-4467-B8DB-5A38AB959AC9} - OpenOffice.org Infotip Handler = "C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll" (Sun Microsystems, Inc.)
\\{3B092F0C-7696-40E3-A80F-68D74DA84210} - OpenOffice.org Thumbnail Viewer = "C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll" (Sun Microsystems, Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

>>> Context Menu Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
\LDVPMenu - {BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll (Symantec Corporation)
\PKZIP Shell Extension - {248A7248-2D62-4B49-ACFB-0C1B70C04F0D} = C:\Program Files\Common Files\PKWARE\PKZIP7\PKCOM700.dll (PKWARE, Inc.)
\ViewpointPhotosExt - {28710882-150A-48A6-A858-2FC774BA822E} = C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewpointPhotosShellExt.dll (Viewpoint Corporation)
\WinRAR - = ()
\WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)

[HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]
\WinRAR - = ()
\WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]
\00nView - {1E9B04FB-F9E5-4718-997B-B8DA88302A48} = C:\WINDOWS\System32\nvshell.dll (NVIDIA Corporation)
\NvCplDesktopContext - {A70C977A-BF00-412C-90B7-034C51DA2439} = C:\WINDOWS\System32\nvcpl.dll (NVIDIA Corporation)

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
\LDVPMenu - {BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll (Symantec Corporation)
\PKZIP Shell Extension - {248A7248-2D62-4B49-ACFB-0C1B70C04F0D} = C:\Program Files\Common Files\PKWARE\PKZIP7\PKCOM700.dll (PKWARE, Inc.)
\ViewpointPhotosExt - {28710882-150A-48A6-A858-2FC774BA822E} = C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewpointPhotosShellExt.dll (Viewpoint Corporation)
\WinRAR - = ()
\WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)

>>> Column Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} - OpenOffice.org Column Handler = "C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll" (Sun Microsystems, Inc.)
\{F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Column Info = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc.)

>>> Registry Run Keys <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SunJavaUpdateSched - C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
Logitech Utility - C:\WINDOWS\Logi_MwX.Exe (Logitech Inc.)
ccApp - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
vptray - C:\PROGRA~1\SYMANT~1\VPTray.exe (Symantec Corporation)
NvCplDaemon - RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll ()
CARPService - C:\WINDOWS\SYSTEM32\carpserv.exe (Conexant Systems)
Apoint - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
nwiz - C:\WINDOWS\SYSTEM32\nwiz.exe (NVIDIA Corporation)
iTunesHelper - C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
QuickTime Task - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
IMJPMIG8.1 - C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
MSPY2002 - C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe ()
PHIME2002ASync - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
PHIME2002A - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
HPDJ Taskbar Utility - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe (HP)
ViewMgr - C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe (Viewpoint Corporation)
ViewpointPhotosDeviceConnect - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\FotomatDeviceConnect.exe (Viewpoint Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe - C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
NewsStand.Scheduler - C:\Program Files\NewsStand\Reader\ADLSched.exe (NewsStand, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

IGotHijacked
19-Sep-2006, 07:53 PM #17
>>> Startup Links <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Post-it® Software Notes Lite.lnk - C:\Program Files\3M\PSNLite\PsnLite.exe (3M)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
C:\Documents and Settings\Carl Davis\Start Menu\Programs\Startup\desktop.ini ()

>>> MSConfig Disabled Items <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 0


[All Users Startup Folder Disabled Items]

[Current User Startup Folder Disabled Items]

>>> User Agent Post Platform <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
\\SV1 -

>>> AppInit Dll's <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]

>>> Image File Execution Options <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
\Your Image File Name Here without a path - Debugger = ntsd -d

>>> Shell Service Object Delay Load <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
\\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll (Microsoft Corporation)
\\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)

>>> Shell Execute Hooks <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)

>>> Shared Task Scheduler <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
\\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)

>>> Winlogon <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
\\UserInit = C:\WINDOWS\system32\userinit.exe,
\\Shell = Explorer.exe
\\System =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
\crypt32chain - crypt32.dll = (Microsoft Corporation)
\cryptnet - cryptnet.dll = (Microsoft Corporation)
\cscdll - cscdll.dll = (Microsoft Corporation)
\NavLogon - C:\WINDOWS\System32\NavLogon.dll = (Symantec Corporation)
\ScCertProp - wlnotify.dll = (Microsoft Corporation)
\Schedule - wlnotify.dll = (Microsoft Corporation)
\sclgntfy - sclgntfy.dll = (Microsoft Corporation)
\SensLogn - WlNotify.dll = (Microsoft Corporation)
\termsrv - wlnotify.dll = (Microsoft Corporation)
\WgaLogon - WgaLogon.dll = (Microsoft Corporation)
\wlballoon - wlnotify.dll = (Microsoft Corporation)
\wvuuv - C:\WINDOWS\system32\wvuuv.dll = ()

>>> DNS Name Servers <<<
{975906FC-FC4A-4B3E-BB65-2CF486870F4E} - (Broadcom 570x Gigabit Integrated Controller)
{A6D3F2A5-ACE9-4FF4-93E7-B0509412BB88} - (Intel(R) PRO/Wireless LAN 2100 3A Mini PCI Adapter)
{D66A441A-1D1B-4F2A-B378-B0B6F1D7C140} - ()
{E3BE02DD-947F-4A44-A743-B14A4538B911} - (1394 Net Adapter)

>>> All Winsock2 Catalogs <<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
\000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
\000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)
\000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
\000000000001\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000002\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000003\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000004\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000005\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000006\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000007\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000008\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000009\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000010\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000011\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

>>> Protocol Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
\ipp - ()
\msdaipp - ()

>>> Protocol Filters (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]

>>> Selected AddOn's <<<

>>>>Output for AddOn file Policies.def<<<<
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} - 1
policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} - 1073741857
policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - 32
policies\system\\dontdisplaylastusername - 0
policies\system\\legalnoticecaption -
policies\system\\legalnoticetext -
policies\system\\shutdownwithoutlogon - 1
policies\system\\undockwithoutlogon - 1

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
policies\Explorer\\NoDriveTypeAutoRun - 145

>>>>Output for AddOn file Security.def<<<<
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
Security Center\\AntiVirusOverride - 0
Security Center\\AntiVirusDisableNotify - 1
Security Center\\FirewallDisableNotify - 0
Security Center\\UpdatesDisableNotify - 0
Security Center\\FirewallOverride - 0
Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring - 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS]
BITS\\Type - 32
BITS\\Start - 3
BITS\\ErrorControl - 1
BITS\\ImagePath - %SystemRoot%\System32\svchost.exe -k netsvcs
BITS\\DisplayName - Background Intelligent Transfer Service
BITS\\DependOnService - Rpcss;
BITS\\DependOnGroup -
BITS\\ObjectName - LocalSystem
BITS\\Description - Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled.
BITS\\FailureActions - 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 68 E3 0C 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00
BITS\Parameters\\ServiceDll - C:\WINDOWS\System32\qmgr.dll
BITS\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
BITS\Enum\\0 - Root\LEGACY_BITS\0000
BITS\Enum\\Count - 1
BITS\Enum\\NextInstance - 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
SharedAccess\\Type - 32
SharedAccess\\Start - 2
SharedAccess\\ErrorControl - 1
SharedAccess\\ImagePath - %SystemRoot%\System32\svchost.exe -k netsvcs
SharedAccess\\DisplayName - Windows Firewall/Internet Connection Sharing (ICS)
SharedAccess\\DependOnService - Netman;WinMgmt;
SharedAccess\\DependOnGroup -
SharedAccess\\ObjectName - LocalSystem
SharedAccess\\Description - Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
SharedAccess\Epoch\\Epoch - 229293
SharedAccess\Parameters\\ServiceDll - %SystemRoot%\System32\ipnathlp.dll
Key not found
SharedAccess\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
SharedAccess\Setup\\ServiceUpgrade - 1
SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{E3BE02DD-947F-4A44-A743-B14A4538B911} - 1
SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{D66A441A-1D1B-4F2A-B378-B0B6F1D7C140} - 1
SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{A6D3F2A5-ACE9-4FF4-93E7-B0509412BB88} - 1
SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{975906FC-FC4A-4B3E-BB65-2CF486870F4E} - 1
SharedAccess\Enum\\0 - Root\LEGACY_SHAREDACCESS\0000
SharedAccess\Enum\\Count - 1
SharedAccess\Enum\\NextInstance - 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
wuauserv\\Type - 32
wuauserv\\Start - 2
wuauserv\\ErrorControl - 1
wuauserv\\ImagePath - %systemroot%\system32\svchost.exe -k netsvcs
wuauserv\\DisplayName - Automatic Updates
wuauserv\\ObjectName - LocalSystem
wuauserv\\Description - Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site.
wuauserv\Parameters\\ServiceDll - C:\WINDOWS\system32\wuauserv.dll
wuauserv\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
wuauserv\Enum\\0 - Root\LEGACY_WUAUSERV\0000
wuauserv\Enum\\Count - 1
wuauserv\Enum\\NextInstance - 1


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
IGotHijacked's Avatar
Junior Member with 28 posts.
 
Join Date: Mar 2004
19-Sep-2006, 07:55 PM #18
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\yjjrbtme

*******************

Script file located at: \??\C:\WINDOWS\hcuyuwxd.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\wvuuv.dll deleted successfully.
File C:\WINDOWS\system32\jqbyny.exe deleted successfully.

Completed script processing.

*******************

Finished! Terminate.










Logfile of HijackThis v1.99.1
Scan saved at 7:49:47 PM, on 9/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Viewpoint\Viewpoint Toolbar V35\FotomatDeviceConnect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\puppy.exe.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0D830E1D-7892-4E2A-8643-0C14BA9EA6E8} - C:\WINDOWS\system32\wvuuv.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBarBHO.dll
O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINDOWS\system32\vjytthnn.dll
O3 - Toolbar: NewsStand Toolbar - {6E94ACD5-2C6A-48AC-84EF-A4DE746D385F} - C:\Program Files\NewsStand\Reader\NSIETool.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ViewpointPhotosDeviceConnect] C:\Program Files\Viewpoint\Viewpoint Toolbar V35\FotomatDeviceConnect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NewsStand.Scheduler] "C:\Program Files\NewsStand\Reader\ADLSched.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/game...ts/y/tt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/pote_x.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wvuuv - C:\WINDOWS\system32\wvuuv.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
Cookiegal's Avatar
Administrator with 63,387 posts.
 
Join Date: Aug 2003
Location: Quebec, Canada
20-Sep-2006, 01:37 PM #19
Go to Control Panel - Add/Remove programs and remove the following, if there:


Viewpoint
Viewpoint Toolbar



Rescan with HijackThis, close all browser windows except HijackThis, put a check mark beside these entries and click fix checked.


O2 - BHO: (no name) - {0D830E1D-7892-4E2A-8643-0C14BA9EA6E8} - C:\WINDOWS\system32\wvuuv.dll (file missing)

O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBarBHO.dll

O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINDOWS\system32\vjytthnn.dll

O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll

O4 - HKLM\..\Run: [ViewpointPhotosDeviceConnect] C:\Program Files\Viewpoint\Viewpoint Toolbar V35\FotomatDeviceConnect.exe

O20 - Winlogon Notify: wvuuv - C:\WINDOWS\system32\wvuuv.dll (file missing)





Run Avenger again using this script:

Quote:
Files to delete:
C:\dllmx.exe
C:\logn.exe
C:\pmcb.exe
C:\WINDOWS\IFinst27.exe
C:\WINDOWS\SYSTEM32\ktqcjm.exe
C:\WINDOWS\system32\khfggfc.dll
C:\WINDOWS\system32\vjytthnn.dll
C:\WINDOWS\system32\vuuvw.bak1
C:\WINDOWS\system32\vuuvw.bak2
C:\WINDOWS\system32\vuuvw.ini
C:\WINDOWS\Temp\removalfile.bat

Folders to delete:
C:\Program Files\Viewpoint

Reboot and post another HijackThis log please.
__________________
Microsoft MVP - Consumer Security
IGotHijacked's Avatar
Junior Member with 28 posts.
 
Join Date: Mar 2004
20-Sep-2006, 07:39 PM #20
Logfile of HijackThis v1.99.1
Scan saved at 7:36:59 PM, on 9/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\NewsStand\Reader\ADLSched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Hijackthis\puppy.exe.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: NewsStand Toolbar - {6E94ACD5-2C6A-48AC-84EF-A4DE746D385F} - C:\Program Files\NewsStand\Reader\NSIETool.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NewsStand.Scheduler] "C:\Program Files\NewsStand\Reader\ADLSched.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/game...ts/y/tt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/pote_x.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe



I also got a new Symantec AntiVirus Notification in case this helps:

Scan type: Auto-Protect Scan
Event: Threat Found!
Threat: Hacktool.Spammer
File: C:\System Volume Information\_restore{CA832B9D-0EB5-4B0B-A1A7-252D05468229}\RP410\A0085179.exe
Location: Quarantine
Computer: CARL
User: SYSTEM
Action taken: Quarantine succeeded : Access denied
Date found: Wednesday, September 20, 2006 6:51:04 PM
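
An added example, not part of the thread and not HijackThis's own code: a Python check that the entries the helper listed for "fix checked" are really absent from the follow-up log. It compares registry entries while ignoring the "(file missing)" suffix, because deleting a file (as The Avenger did with wvuuv.dll) leaves its BHO and Winlogon Notify entries behind. The log excerpts are copied from the logs above; `AFTER_PARTIAL` is constructed, and all function names are hypothetical.

```python
import re
from typing import NamedTuple

# Excerpts copied from the thread's HijackThis logs (19-Sep and 20-Sep 2006).
BEFORE = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0D830E1D-7892-4E2A-8643-0C14BA9EA6E8} - C:\WINDOWS\system32\wvuuv.dll (file missing)
O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINDOWS\system32\vjytthnn.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wvuuv - C:\WINDOWS\system32\wvuuv.dll (file missing)
"""
AFTER = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""
# Fix list from the helper's post; one entry is wrapped over two lines,
# as forum software often does with long paths.
FIX = r"""
O2 - BHO: (no name) - {0D830E1D-7892-4E2A-8643-0C14BA9EA6E8} - C:\WINDOWS\system32\wvuuv.dll (file missing)

O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINDOWS\system32\vjytthnn.dll

O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar
V35\ViewBar.dll

O20 - Winlogon Notify: wvuuv - C:\WINDOWS\system32\wvuuv.dll (file missing)
"""
# Constructed counter-case: the DLL was deleted but its BHO entry was not fixed.
AFTER_PARTIAL = AFTER + r"""
O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINDOWS\system32\vjytthnn.dll (file missing)
"""

SECTION = re.compile(r"^(O\d{1,2}|R[0-3]|F[0-3]|N[1-4]) - (.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING = " (file missing)"


class Entry(NamedTuple):
    section: str   # e.g. "O2", "O20"
    body: str      # text after "O2 - ", without the "(file missing)" suffix
    clsid: str     # "" when the entry carries no CLSID
    missing: bool  # HijackThis could not find the target file on disk

    @property
    def key(self):
        # Identity of the registry entry, whether or not its file still exists.
        return (self.section, " ".join(self.body.lower().split()))


def parse_entries(text):
    """Return the O/R/F/N entries of a HijackThis log or a pasted fix list."""
    lines, can_continue = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            can_continue = False         # a blank line ends any wrapped entry
        elif SECTION.match(line):
            lines.append(line)
            can_continue = True
        elif can_continue:
            lines[-1] += " " + line      # wrapped tail of the previous entry
    entries = []
    for line in lines:
        section, body = SECTION.match(line).groups()
        missing = body.endswith(MISSING)
        if missing:
            body = body[: -len(MISSING)]
        found = CLSID.search(body)
        entries.append(Entry(section, body, found.group(0) if found else "", missing))
    return entries


def still_present(fix_list, after_log):
    """Fix-list entries that the follow-up log still contains."""
    after = {e.key for e in parse_entries(after_log)}
    return [e for e in parse_entries(fix_list) if e.key in after]


def orphaned(log):
    """Entries whose file is gone while the registry entry remains."""
    return [e for e in parse_entries(log) if e.missing]


def removed(before_log, after_log):
    """Entries in the earlier log that no longer appear in the later one."""
    after = {e.key for e in parse_entries(after_log)}
    return [e for e in parse_entries(before_log) if e.key not in after]


if __name__ == "__main__":
    print("orphaned before fix:", [(e.section, e.body) for e in orphaned(BEFORE)])
    print("still present after fix:", still_present(FIX, AFTER))
    print("still present (partial):", [e.clsid for e in still_present(FIX, AFTER_PARTIAL)])
```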
Cookiegal's Avatar
Administrator with 63,387 posts.
 
Join Date: Aug 2003
Location: Quebec, Canada
20-Sep-2006, 07:56 PM #21
The log looks fine but I would like you to do the following to make sure there's nothing else lingering.

Download the trial version of Ewido Anti-spyware from HERE and save that file to your desktop. When the trial period expires it becomes freeware with reduced functions but still worth keeping.


  • Once you have downloaded Ewido Anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run Ewido and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
  • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine"
  • Under "Reports"
  • Select "Automatically generate report after every scan"
  • Un-Select "Only if threats were found"

Close Ewido Anti-spyware. Do NOT run a scan yet. We will do that later in safe mode.

  • Reboot your computer into Safe Mode now. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
    IMPORTANT: Do not open any other windows or programs while Ewido is scanning as it may interfere with the scanning process:
  • Launch Ewido Anti-spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • Ewido will now begin the scanning process. Be patient; this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close Ewido and reboot your system back into Normal Mode.


Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report


Come back here and post a new HijackThis log along with the logs from the Ewido and Panda scans.
__________________
Microsoft MVP - Consumer Security
IGotHijacked's Avatar
Junior Member with 28 posts.
 
Join Date: Mar 2004
20-Sep-2006, 10:59 PM #22
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:40:00 PM 9/20/2006

+ Scan result:



C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6AWCJ2C7\d224_test2[1].exe -> Backdoor.HacDef.fv : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\XEX0X8VR\d222_test1[1].exe -> Backdoor.HacDef.fv : Cleaned with backup (quarantined).
C:\avenger\backup.zip/avenger/dllmx.exe -> Backdoor.HacDef.fv : Cleaned with backup (quarantined).
C:\ctps.exe -> Backdoor.HacDef.fv : Cleaned with backup (quarantined).
C:\Documents and Settings\Carl Davis\Desktop\SDFix\backups\backups.zip/backups/bmp[1].exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\Documents and Settings\Carl Davis\Desktop\SDFix\backups\backups.zip/backups/cjnr4r4zkuf.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\Documents and Settings\Carl Davis\Desktop\SDFix\backups\backups.zip/backups/d222_test1[1].exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\Documents and Settings\Carl Davis\Desktop\SDFix\backups\backups.zip/backups/dior4f4akvgrbmx.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\Documents and Settings\Carl Davis\Desktop\SDFix\backups\backups.zip/backups/nlkfev7akvgr.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\Documents and Settings\Carl Davis\Desktop\SDFix\backups\backups.zip/backups/ntms.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\Documents and Settings\Carl Davis\Desktop\SDFix\backups\backups.zip/backups/pcst2.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\Documents and Settings\Carl Davis\Desktop\SDFix\backups\backups.zip/backups/sklrr7yrcny.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\Documents and Settings\Carl Davis\Desktop\SDFix\backups\backups.zip/backups/sklrr7ysdnyjufqbm.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6AWCJ2C7\d227_seven2[1].exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\vcb.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\Documents and Settings\Carl Davis\Desktop\SDFix\backups\backups.zip/backups/csts.exe -> Backdoor.SdBot.aad : Cleaned with backup (quarantined).
C:\Documents and Settings\Carl Davis\Desktop\requested-files[2006-09-17_11_58].cab/C:\WINDOWS\system32\csts.exe -> Backdoor.SdBot.aad : Cleaned with backup (quarantined).
C:\Documents and Settings\Carl Davis\Desktop\requested-files[2006-09-17_12_10].cab/C:\WINDOWS\system32\csts.exe -> Backdoor.SdBot.aad : Cleaned with backup (quarantined).
C:\Documents and Settings\Carl Davis\Desktop\SDFix\backups\backups.zip/backups/dllhost.exe -> Backdoor.SdBot.xd : Cleaned with backup (quarantined).
C:\Documents and Settings\Carl Davis\Desktop\requested-files[2006-09-17_11_58].cab/C:\WINDOWS\system\dllhost.exe -> Backdoor.SdBot.xd : Cleaned with backup (quarantined).
C:\Documents and Settings\Carl Davis\Desktop\requested-files[2006-09-17_12_10].cab/C:\WINDOWS\system\dllhost.exe -> Backdoor.SdBot.xd : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\L7VQ8ZG9\logn[1].exe -> Backdoor.SdBot.xd : Cleaned with backup (quarantined).
C:\avenger\backup.zip/avenger/logn.exe -> Backdoor.SdBot.xd : Cleaned with backup (quarantined).
C:\mt2560.exe -> Downloader.Small.dtz : Cleaned with backup (quarantined).
C:\Documents and Settings\Carl Davis\Desktop\requested-files[2006-09-17_11_58].cab/C:\WINDOWS\system32\jqbyny.exe -> Proxy.Caprobad.b : Cleaned with backup (quarantined).
C:\Documents and Settings\Carl Davis\Desktop\requested-files[2006-09-17_12_10].cab/C:\WINDOWS\system32\jqbyny.exe -> Proxy.Caprobad.b : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8AW41GGH\win32[1].exe -> Proxy.Caprobad.b : Cleaned with backup (quarantined).
C:\avenger\backup-09.20.2006 Wed-17.47.01.37.zip/avenger/jqbyny.exe -> Proxy.Caprobad.b : Cleaned with backup (quarantined).
C:\avenger\backup.zip/avenger/pmcb.exe -> Proxy.Caprobad.b : Cleaned with backup (quarantined).
C:\Documents and Settings\Carl Davis\Desktop\SDFix\backups\backups.zip/backups/elk.exe -> Proxy.Small.fd : Cleaned with backup (quarantined).
C:\Documents and Settings\Carl Davis\Desktop\SDFix\backups\backups.zip/backups/pizza.exe -> Proxy.Small.fd : Cleaned with backup (quarantined).
C:\Documents and Settings\Carl Davis\Desktop\requested-files[2006-09-17_11_58].cab/C:\elk.exe -> Proxy.Small.fd : Cleaned with backup (quarantined).
C:\Documents and Settings\Carl Davis\Desktop\requested-files[2006-09-17_11_58].cab/C:\pizza.exe -> Proxy.Small.fd : Cleaned with backup (quarantined).
C:\Documents and Settings\Carl Davis\Desktop\requested-files[2006-09-17_12_10].cab/C:\elk.exe -> Proxy.Small.fd : Cleaned with backup (quarantined).
C:\Documents and Settings\Carl Davis\Desktop\requested-files[2006-09-17_12_10].cab/C:\pizza.exe -> Proxy.Small.fd : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\L7VQ8ZG9\elk[1].exe -> Proxy.Small.fd : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\XEX0X8VR\pizza[1].exe -> Proxy.Small.fd : Cleaned with backup (quarantined).
:mozilla.10:C:\Documents and Settings\Carl Davis\Application Data\Netscape\NSB\Profiles\ay6f2tpo.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.11:C:\Documents and Settings\Carl Davis\Application Data\Netscape\NSB\Profiles\ay6f2tpo.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.281:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.282:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.283:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.284:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.285:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.286:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.287:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.288:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.289:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.290:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.291:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.292:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.293:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.294:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.295:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.296:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.297:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.298:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.299:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.300:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.301:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.302:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.303:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.304:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.305:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.306:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.307:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.308:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.309:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.310:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.311:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.312:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.313:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.314:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.315:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.316:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.317:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.318:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.319:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.320:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.321:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.322:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.323:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.324:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.325:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.326:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.327:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.328:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.329:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.330:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.458:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.577:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.586:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.742:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.897:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Carl Davis\Cookies\carl davis@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.197:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.198:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.200:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.201:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.203:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.204:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.205:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.207:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.208:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.251:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.426:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.505:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
:mozilla.506:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
:mozilla.416:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.417:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.418:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.419:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.421:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.422:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.23:C:\Documents and Settings\Carl Davis\Application Data\Netscape\NSB\Profiles\ay6f2tpo.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.24:C:\Documents and Settings\Carl Davis\Application Data\Netscape\NSB\Profiles\ay6f2tpo.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.390:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.392:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.15:C:\Documents and Settings\Carl Davis\Application Data\Netscape\NSB\Profiles\ay6f2tpo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.16:C:\Documents and Settings\Carl Davis\Application Data\Netscape\NSB\Profiles\ay6f2tpo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.17:C:\Documents and Settings\Carl Davis\Application Data\Netscape\NSB\Profiles\ay6f2tpo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.499:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.500:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.501:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.502:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.18:C:\Documents and Settings\Carl Davis\Application Data\Netscape\NSB\Profiles\ay6f2tpo.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.265:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.571:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.572:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.20:C:\Documents and Settings\Carl Davis\Application Data\Netscape\NSB\Profiles\ay6f2tpo.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.578:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.579:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.580:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.581:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.582:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.583:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.584:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.606:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
:mozilla.607:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
:mozilla.900:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
:mozilla.901:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
:mozilla.902:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
IGotHijacked
Junior Member with 28 posts.
Join Date: Mar 2004
20-Sep-2006, 11:01 PM #23
:mozilla.903:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
:mozilla.595:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.596:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.597:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.598:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.498:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup (quarantined).
:mozilla.375:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.376:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.377:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.378:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
C:\Documents and Settings\Carl Davis\Cookies\carl davis@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.242:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Cqcounter : Cleaned with backup (quarantined).
:mozilla.177:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.9:C:\Documents and Settings\Carl Davis\Application Data\Netscape\NSB\Profiles\ay6f2tpo.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.540:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.541:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.542:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.543:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.544:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.554:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.555:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.556:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.557:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.391:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.100:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.101:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.102:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.110:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.111:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.367:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.96:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.97:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.98:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.99:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.720:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Komtrack : Cleaned with backup (quarantined).
:mozilla.243:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned with backup (quarantined).
:mozilla.266:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
:mozilla.267:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Documents and Settings\Carl Davis\Cookies\carl davis@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup (quarantined).
:mozilla.105:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.114:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.191:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.192:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.280:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\Carl Davis\Cookies\carl davis@data4.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.149:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.150:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.151:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.179:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.180:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.181:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.154:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.155:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.161:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.162:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.163:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.164:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.165:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.331:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.332:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.333:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.334:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.335:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
C:\Documents and Settings\Carl Davis\Cookies\carl davis@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.624:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.625:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.626:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.627:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.570:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.838:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.839:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.840:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.841:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.842:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.531:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
:mozilla.532:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
:mozilla.15:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.16:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.17:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.18:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.19:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.20:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.21:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.22:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.23:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.24:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.25:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.26:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.27:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.28:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.29:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.30:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.31:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.32:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.33:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.34:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.35:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.36:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.37:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.38:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.39:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.40:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.41:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.42:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.43:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.44:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.45:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.46:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.47:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.48:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.51:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.52:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.53:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.54:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.55:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.56:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.57:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.58:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.59:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.60:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.61:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.62:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.63:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.64:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
IGotHijacked's Avatar
Junior Member with 28 posts.
 
Join Date: Mar 2004
20-Sep-2006, 11:02 PM #24
:mozilla.65:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.66:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.860:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.861:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.934:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.879:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.880:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.881:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.882:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.883:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.884:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.885:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.886:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.21:C:\Documents and Settings\Carl Davis\Application Data\Netscape\NSB\Profiles\ay6f2tpo.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.430:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.431:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.432:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.433:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.434:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.380:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
:mozilla.381:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
:mozilla.382:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
:mozilla.383:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
:mozilla.384:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
:mozilla.385:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
:mozilla.899:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
:mozilla.435:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.916:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup (quarantined).
:mozilla.917:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup (quarantined).
:mozilla.357:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.358:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.359:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.360:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.361:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.362:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.363:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.364:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.365:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.366:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.368:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.370:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.371:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Carl Davis\Cookies\carl davis@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.921:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.922:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.923:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.924:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
C:\Program Files\Hijackthis\backups\backup-20060920-174238-590.dll -> Trojan.BHO.g : Cleaned with backup (quarantined).
C:\avenger\backup.zip/avenger/vjytthnn.dll -> Trojan.BHO.g : Cleaned with backup (quarantined).


::Report end










Incident Status Location

Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt[.go.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt[.belnk.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt[.drivecleaner.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Carl Davis\Application Data\Netscape\NSB\Profiles\ay6f2tpo.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Carl Davis\Application Data\Netscape\NSB\Profiles\ay6f2tpo.default\cookies.txt[.go.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Carl Davis\Cookies\carl davis@atwola[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Carl Davis\Cookies\carl davis@drivecleaner[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Carl Davis\Cookies\carl davis@go[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Carl Davis\Cookies\carl davis@stats.drivecleaner[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Carl Davis\Cookies\carl davis@www.drivecleaner[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Carl Davis\Desktop\SDFix\apps\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Carl Davis\Desktop\SDFix.zip[SDFix/apps/Process.exe]
Virus:Trj/FireByPass.AP Disinfected C:\Documents and Settings\Carl Davis\Local Settings\Temp\xtiwr.exe








Logfile of HijackThis v1.99.1
Scan saved at 11:00:10 PM, on 9/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\puppy.exe.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: NewsStand Toolbar - {6E94ACD5-2C6A-48AC-84EF-A4DE746D385F} - C:\Program Files\NewsStand\Reader\NSIETool.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NewsStand.Scheduler] "C:\Program Files\NewsStand\Reader\ADLSched.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/game...ts/y/tt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/pote_x.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
Cookiegal's Avatar
Administrator with 63,387 posts.
 
Join Date: Aug 2003
Location: Quebec, Canada
21-Sep-2006, 12:07 PM #25
You need to clear your cookies in both browsers.

Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Click the "Delete Cookies" button
Next to it, Click the "Delete Files" button
When prompted, place a check in: "Delete all offline content", click OK


Clean your Cache and Cookies in Firefox:
Go to Tools > Options.
Click Privacy in the menu on the left side of the Options window.
Click the Clear button located to the right of each option (History, Cookies, Cache).
Click OK to close the Options window
Alternatively, you can clear all information stored while browsing by clicking Clear All.
A confirmation dialog box will be shown before clearing the information


How are things running now?
__________________
Microsoft MVP - Consumer Security
IGotHijacked's Avatar
Junior Member with 28 posts.
 
Join Date: Mar 2004
21-Sep-2006, 02:35 PM #26
Done. My browser doesn't seem to be hijacked anymore and I haven't gotten another Symantec Virus Threat Notification yet...am I clean?
Cookiegal's Avatar
Administrator with 63,387 posts.
 
Join Date: Aug 2003
Location: Quebec, Canada
21-Sep-2006, 04:27 PM #27
Yes, it seems so.

Now you should turn system restore off to flush out all previous system restore points, then turn it back on and create a new restore point:

To turn off system restore, on the Desktop, right click on My Computer and click on Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a new restore point, click on Start > All Programs > Accessories > System Tools and then select System Restore.

In the System Restore wizard, select Create a restore point and click the Next button.

Type a name for your new restore point then click on Create.


I also recommend downloading SPYWAREBLASTER for added protection.

Read here for info on how to tighten your security.



Delete your temporary files:

In safe mode navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit - Select All then Edit - Delete to delete the entire contents of the Temp folder.

Go to Start - Run and type %temp% in the Run box. The Temp folder will open. Click Edit - Select All then hit Delete to delete the entire contents of the Temp folder.

Finally go to Control Panel - Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


Empty the recycle bin.
__________________
Microsoft MVP - Consumer Security
IGotHijacked's Avatar
Junior Member with 28 posts.
 
Join Date: Mar 2004
21-Sep-2006, 06:08 PM #28
I haven't done your last set of directions yet but I did just get this Symantec AntiVirus Notification:

Scan type: Auto-Protect Scan
Event: Threat Found!
Threat: Trojan.Vundo
File: C:\System Volume Information\_restore{CA832B9D-0EB5-4B0B-A1A7-252D05468229}\RP410\A0085270.dll
Location: Quarantine
Computer: CARL
User: SYSTEM
Action taken: Quarantine succeeded : Access denied
Date found: Thursday, September 21, 2006 4:11:54 PM

I know it says Quarantine succeeded: Access denied, but it said that on similar messages earlier and they appeared multiple times warning me of the threat...I'll let you know if it comes up again. Should I just follow your last set of directions or is there anything I need to worry about here? I never used to get these sorts of messages before downloading this virus off of AIM. Everything else seems to be working normally, though.
Cookiegal's Avatar
Administrator with 63,387 posts.
 
Join Date: Aug 2003
Location: Quebec, Canada
21-Sep-2006, 07:01 PM #29
When you follow the instructions it will take care of that threat as it's in the system restore and we are flushing out the system restore.
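The distinction drawn in posts #28 and #29, as an added example that is not part of the original thread: a small triage script that parses antivirus notifications in the field layout quoted in post #28 and separates hits inside Windows XP System Restore storage (`_restore{GUID}\RPnnn\`) from hits on live files. The function names and the second sample notification are assumptions constructed for illustration.

```python
import re

# Windows XP keeps restore-point copies of changed files under
# <drive>:\System Volume Information\_restore{GUID}\RP<n>\<renamed file>.
RESTORE_RE = re.compile(
    r"^[A-Z]:\\System Volume Information\\_restore\{(?P<guid>[0-9A-F-]{36})\}"
    r"\\RP(?P<rp>\d+)\\(?P<name>[^\\]+)$",
    re.IGNORECASE,
)

# Notification fields as quoted in post #28 of the thread.
PAGE_NOTIFICATION = r"""
Scan type: Auto-Protect Scan
Event: Threat Found!
Threat: Trojan.Vundo
File: C:\System Volume Information\_restore{CA832B9D-0EB5-4B0B-A1A7-252D05468229}\RP410\A0085270.dll
Location: Quarantine
Action taken: Quarantine succeeded : Access denied
"""

# Constructed sample (not from the thread): the same threat on a live file.
CONSTRUCTED_LIVE = r"""
Scan type: Auto-Protect Scan
Event: Threat Found!
Threat: Trojan.Vundo
File: C:\WINDOWS\system32\example.dll
Location: Quarantine
Action taken: Quarantine succeeded
"""


def parse_notification(text):
    """Split 'Key: value' lines at the first colon; keys are lower-cased."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip():
            fields[key.strip().lower()] = value.strip()
    return fields


def classify(text):
    """Report whether the detected file sits inside a restore point."""
    fields = parse_notification(text)
    path = fields.get("file", "")
    match = RESTORE_RE.match(path)
    return {
        "threat": fields.get("threat"),
        "path": path,
        "in_restore_point": match is not None,
        "restore_point": int(match.group("rp")) if match else None,
        "action": fields.get("action taken"),
    }


def summarize(notifications):
    """Group hits: restore points to flush vs. live files still to clean."""
    restore_points, live_files = set(), []
    for text in notifications:
        result = classify(text)
        if result["in_restore_point"]:
            restore_points.add(result["restore_point"])
        elif result["path"]:
            live_files.append(result["path"])
    return {"restore_points": sorted(restore_points), "live_files": live_files}


if __name__ == "__main__":
    print(summarize([PAGE_NOTIFICATION, CONSTRUCTED_LIVE]))
```

Hits that land only in `restore_points` are the case post #29 describes, where turning System Restore off and on again discards the stored copies; anything in `live_files` still needs cleaning on the running system.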
IGotHijacked's Avatar
Junior Member with 28 posts.
 
Join Date: Mar 2004
21-Sep-2006, 11:36 PM #30
Thanks so much, I followed all your directions and all the directions in the thread you linked me to. I wasn't originally planning on donating anything but you were such a great help that I'd feel terrible if I didn't support this community. Thanks!
All times are GMT -5.
Copyright © 1996 - 2009 TechGuy, Inc. All rights reserved.