Got some kind of backdoor - Page 2

IGotHijacked · 19-Sep-2006, 08:53 PM **#16**

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

뻣뻣뻣뻣뻣뻣뻣뻣?Windows OS and Versions 뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣?
Logfile created on: 9/19/2006 7:28:37 PM
WinPFind v1.5.0 Folder = C:\Documents and Settings\Carl Davis\Desktop\WinPFind\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

뻣뻣뻣뻣뻣뻣뻣뻣?Checking Selected Standard Folders 뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣

Checking %SystemDrive% folder...
PEC2 9/17/2006 10:23:34 PM 82944 C:\dllmx.exe ()
PECompact2 9/17/2006 10:23:34 PM 82944 C:\dllmx.exe ()
PEC2 9/12/2006 11:51:52 PM 43520 C:\logn.exe ()
PECompact2 9/12/2006 11:51:52 PM 43520 C:\logn.exe ()
UPX! 9/14/2006 8:04:26 PM 48640 C:\pmcb.exe ()

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
UPX! 8/30/2005 10:41:36 PM 65536 C:\WINDOWS\IFinst27.exe ()

Checking %System% folder...
PEC2 9/3/2002 3:36:16 PM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc ()
PEC2 8/9/2005 6:14:00 PM 692736 C:\WINDOWS\SYSTEM32\DivX.dll (DivXNetworks)
PECompact2 8/9/2005 6:14:00 PM 692736 C:\WINDOWS\SYSTEM32\DivX.dll (DivXNetworks)
UPX! 9/17/2006 10:04:12 PM 48640 C:\WINDOWS\SYSTEM32\ktqcjm.exe ()
PTech 6/19/2006 4:19:42 PM 571184 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll (Microsoft Corporation)
PECompact2 8/2/2006 9:22:50 PM 8255912 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack 8/2/2006 9:22:50 PM 8255912 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
WSUD 8/4/2004 3:56:54 AM 1200128 C:\WINDOWS\SYSTEM32\ntbackup.exe (Microsoft Corporation)
aspack 8/4/2004 3:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll (Microsoft Corporation)
WSUD 8/4/2004 3:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
Umonitor 8/4/2004 3:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
winsync 9/3/2002 4:02:12 PM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu ()
PTech 6/19/2006 4:19:26 PM 304944 C:\WINDOWS\SYSTEM32\WgaTray.exe (Microsoft Corporation)

Checking %System%\Drivers folder and sub-folders...
PTech 8/4/2004 1:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys (Smart Link)

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
9/19/2006 7:27:08 PM S 2048 C:\WINDOWS\bootstat.dat ()
9/14/2006 12:24:48 AM HS 40973 C:\WINDOWS\system32\khfggfc.dll ()
9/17/2006 3:10:32 AM HS 923698 C:\WINDOWS\system32\vuuvw.bak1 ()
9/19/2006 4:06:06 PM HS 915324 C:\WINDOWS\system32\vuuvw.bak2 ()
9/19/2006 7:16:14 PM HS 920229 C:\WINDOWS\system32\vuuvw.ini ()
7/28/2006 8:16:08 AM S 23751 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB918899.cat ()
7/27/2006 10:00:28 AM S 10337 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB920214.cat ()
9/19/2006 7:26:54 PM H 8192 C:\WINDOWS\system32\config\default.LOG ()
9/19/2006 7:27:22 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG ()
9/19/2006 7:27:08 PM H 12288 C:\WINDOWS\system32\config\SECURITY.LOG ()
9/19/2006 7:35:16 PM H 204800 C:\WINDOWS\system32\config\software.LOG ()
9/19/2006 7:27:26 PM H 937984 C:\WINDOWS\system32\config\system.LOG ()
8/9/2006 5:21:16 PM H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG ()
8/19/2006 9:04:58 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\62b168c9-9be5-4adc-8f0e-f4e7e833b734 ()
8/19/2006 9:04:58 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred ()
9/19/2006 7:26:08 PM H 6 C:\WINDOWS\Tasks\SA.DAT ()
9/14/2006 12:25:18 AM HS 43 C:\WINDOWS\Temp\removalfile.bat ()

Checking for CPL files...
8/4/2004 3:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
11/10/2005 1:03:50 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl (Sun Microsystems, Inc.)
9/3/2002 3:42:42 PM 187904 C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
9/3/2002 3:48:36 PM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
10/26/2004 12:01:00 PM 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl (NVIDIA Corporation)
9/3/2002 3:50:50 PM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
9/23/2004 6:57:40 PM 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl (Apple Computer, Inc.)
11/11/2002 5:57:32 PM 77824 C:\WINDOWS\SYSTEM32\STAC97.cpl (SigmaTel Inc.)
8/4/2004 3:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
9/3/2002 3:59:00 PM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl (Microsoft Corporation)
5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)
9/3/2002 3:42:42 PM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl (Microsoft Corporation)
9/3/2002 3:48:36 PM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl (Microsoft Corporation)
9/3/2002 3:50:50 PM 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl (Microsoft Corporation)
9/3/2002 3:59:00 PM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl (Microsoft Corporation)
5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl (Microsoft Corporation)
2/10/2003 9:27:00 AM 139264 C:\WINDOWS\SYSTEM32\ReinstallBackups\0001\DriverFiles\nvtuicpl.cpl (NVIDIA Corporation)

Checking for Downloaded Program Files...
{3451DEDE-631F-421C-8127-FD793AFC6CC8} - ActiveDataInfo Class - CodeBase = http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
{44990200-3C9D-426D-81DF-AAB636FA4345} - Symantec SmartIssue - CodeBase = http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
{44990301-3C9D-426D-81DF-AAB636FA4345} - Symantec Script Runner Class - CodeBase = http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - Java Plug-in 1.5.0_01 - CodeBase = http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://download.macromedia.com/pub/s...sh/swflash.cab
DirectAnimation Java Classes - - CodeBase = file://C:\WINDOWS\Java\classes\dajava.cab
Microsoft XML Parser for Java - - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab
Yahoo! Literati - - CodeBase = http://download.games.yahoo.com/game...ts/y/tt3_x.cab
Yahoo! Pool 2 - - CodeBase = http://download.games.yahoo.com/game...s/y/pote_x.cab

뻣뻣뻣뻣뻣뻣뻣뻣?Checking Selected Startup Folders 뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣?

Checking files in %ALLUSERSPROFILE%\Startup folder...
5/24/2005 4:20:02 PM 1757 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk ()
5/22/2005 4:21:14 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()
8/25/2005 7:52:46 PM 815 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Post-it® Software Notes Lite.lnk ()

Checking files in %ALLUSERSPROFILE%\Application Data folder...
5/22/2005 12:29:32 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini ()

Checking files in %USERPROFILE%\Startup folder...
5/22/2005 4:21:14 PM HS 84 C:\Documents and Settings\Carl Davis\Start Menu\Programs\Startup\desktop.ini ()

Checking files in %USERPROFILE%\Application Data folder...
5/24/2005 4:18:40 PM 875 C:\Documents and Settings\Carl Davis\Application Data\AdobeDLM.log ()
5/22/2005 12:29:32 PM HS 62 C:\Documents and Settings\Carl Davis\Application Data\desktop.ini ()
5/24/2005 4:18:40 PM 0 C:\Documents and Settings\Carl Davis\Application Data\dm.ini ()
5/7/2006 10:57:12 AM 0 C:\Documents and Settings\Carl Davis\Application Data\sversion.ini ()

뻣뻣뻣뻣뻣뻣뻣뻣?Checking Selected Registry Keys 뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣?

>>> Internet Explorer Settings <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
\\Search Page - http://www.microsoft.com/isapi/redir...ie&ar=iesearch
\\Default_Page_URL - http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
\\Default_Search_URL - http://www.microsoft.com/isapi/redir...ie&ar=iesearch
\\Local Page - %SystemRoot%\system32\blank.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
\\Search Page - http://www.microsoft.com/isapi/redir...ie&ar=iesearch
\\Local Page - C:\WINDOWS\system32\blank.htm

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
\\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
\\SearchAssistant - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

>>> BHO's <<<
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects]
\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
\{0D830E1D-7892-4E2A-8643-0C14BA9EA6E8} - = C:\WINDOWS\system32\wvuuv.dll ()
\{53707962-6F74-2D53-2644-206D7942484F} - = C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
\{A7327C09-B521-4EDB-8509-7D2660C9EC98} - Viewpoint Toolbar BHO = C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBarBHO.dll (Viewpoint Corporation)
\{B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - = C:\WINDOWS\system32\vjytthnn.dll ()

>>> Internet Explorer Bars, Toolbars and Extensions <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
\{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
\{32683183-48a0-441b-a342-7c2a440a9478} - = ()
\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} - File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
\\{6E94ACD5-2C6A-48AC-84EF-A4DE746D385F} - NewsStand Toolbar = C:\Program Files\NewsStand\Reader\NSIETool.dll (NewsStand, Inc.)
\\{F8AD5AA5-D966-4667-9DAF-2561D68B2012} - Viewpoint Toolbar = C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll (Viewpoint Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
\ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
\\NEXTID - 8196
\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - 8193 =
\\{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8194 = Windows Messenger
\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8195 = Sun Java Console

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll (Sun Microsystems, Inc.)
\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)(HKCU CLSID)
\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - ButtonText: AIM = C:\Program Files\AIM\aim.exe (America Online, Inc.)
\{FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger = C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

>>> Approved Shell Extensions (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
\\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = deskpan.dll ()
\\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = ()
\\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = ()
\\{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\System32\hticons.dll (Hilgraeve, Inc.)
\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = ()
\\{32683183-48a0-441b-a342-7c2a440a9478} - Media Band = ()
\\{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = ()
\\{1CDB2949-8F65-4355-8456-263E7C208A5D} - Desktop Explorer = C:\WINDOWS\System32\nvshell.dll (NVIDIA Corporation)
\\{1E9B04FB-F9E5-4718-997B-B8DA88302A47} - Desktop Explorer Menu = C:\WINDOWS\System32\nvshell.dll (NVIDIA Corporation)
\\{BDA77241-42F6-11d0-85E2-00AA001FE28C} - LDVP Shell Extensions = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll (Symantec Corporation)
\\{A70C977A-BF00-412C-90B7-034C51DA2439} - NvCpl DesktopContext Class = C:\WINDOWS\System32\nvcpl.dll (NVIDIA Corporation)
\\{FFB699E0-306A-11d3-8BD1-00104B6F7516} - Play on my TV helper = C:\WINDOWS\System32\nvcpl.dll (NVIDIA Corporation)
\\{1E9B04FB-F9E5-4718-997B-B8DA88302A48} - nView Desktop Context Menu = C:\WINDOWS\System32\nvshell.dll (NVIDIA Corporation)
\\{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} - iTunes = C:\Program Files\iTunes\iTunesMiniPlayer.dll (Apple Computer, Inc.)
\\{248A7248-2D62-4B49-ACFB-0C1B70C04F0D} - PKZIP Shell Extension = C:\Program Files\Common Files\PKWARE\PKZIP7\PKCOM700.dll (PKWARE, Inc.)
\\{E0D79304-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
\\{E0D79305-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
\\{E0D79306-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
\\{E0D79307-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
\\{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = C:\Program Files\Real\RealPlayer\rpshell.dll (RealNetworks, Inc.)
\\{28710882-150A-48A6-A858-2FC774BA822E} - Viewpoint Photos Shell Extension = C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewpointPhotosShellExt.dll (Viewpoint Corporation)
\\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} - OpenOffice.org Column Handler = "C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll" (Sun Microsystems, Inc.)
\\{087B3AE3-E237-4467-B8DB-5A38AB959AC9} - OpenOffice.org Infotip Handler = "C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll" (Sun Microsystems, Inc.)
\\{3B092F0C-7696-40E3-A80F-68D74DA84210} - OpenOffice.org Thumbnail Viewer = "C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll" (Sun Microsystems, Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

>>> Context Menu Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
\LDVPMenu - {BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll (Symantec Corporation)
\PKZIP Shell Extension - {248A7248-2D62-4B49-ACFB-0C1B70C04F0D} = C:\Program Files\Common Files\PKWARE\PKZIP7\PKCOM700.dll (PKWARE, Inc.)
\ViewpointPhotosExt - {28710882-150A-48A6-A858-2FC774BA822E} = C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewpointPhotosShellExt.dll (Viewpoint Corporation)
\WinRAR - = ()
\WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)

[HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMen uHandlers]

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]
\WinRAR - = ()
\WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMen uHandlers]
\00nView - {1E9B04FB-F9E5-4718-997B-B8DA88302A48} = C:\WINDOWS\System32\nvshell.dll (NVIDIA Corporation)
\NvCplDesktopContext - {A70C977A-BF00-412C-90B7-034C51DA2439} = C:\WINDOWS\System32\nvcpl.dll (NVIDIA Corporation)

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
\LDVPMenu - {BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll (Symantec Corporation)
\PKZIP Shell Extension - {248A7248-2D62-4B49-ACFB-0C1B70C04F0D} = C:\Program Files\Common Files\PKWARE\PKZIP7\PKCOM700.dll (PKWARE, Inc.)
\ViewpointPhotosExt - {28710882-150A-48A6-A858-2FC774BA822E} = C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewpointPhotosShellExt.dll (Viewpoint Corporation)
\WinRAR - = ()
\WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)

>>> Column Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} - OpenOffice.org Column Handler = "C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll" (Sun Microsystems, Inc.)
\{F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Column Info = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc.)

>>> Registry Run Keys <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SunJavaUpdateSched - C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
Logitech Utility - C:\WINDOWS\Logi_MwX.Exe (Logitech Inc.)
ccApp - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
vptray - C:\PROGRA~1\SYMANT~1\VPTray.exe (Symantec Corporation)
NvCplDaemon - RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll ()
CARPService - C:\WINDOWS\SYSTEM32\carpserv.exe (Conexant Systems)
Apoint - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
nwiz - C:\WINDOWS\SYSTEM32\nwiz.exe (NVIDIA Corporation)
iTunesHelper - C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
QuickTime Task - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
IMJPMIG8.1 - C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
MSPY2002 - C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe ()
PHIME2002ASync - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
PHIME2002A - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
HPDJ Taskbar Utility - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe (HP)
ViewMgr - C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe (Viewpoint Corporation)
ViewpointPhotosDeviceConnect - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\FotomatDeviceConnect.exe (Viewpoint Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalCo mponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnc e]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe - C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
NewsStand.Scheduler - C:\Program Files\NewsStand\Reader\ADLSched.exe (NewsStand, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

IGotHijacked · 19-Sep-2006, 08:53 PM **#17**

>>> Startup Links <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Post-it® Software Notes Lite.lnk - C:\Program Files\3M\PSNLite\PsnLite.exe (3M)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
C:\Documents and Settings\Carl Davis\Start Menu\Programs\Startup\desktop.ini ()

>>> MSConfig Disabled Items <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 0

[All Users Startup Folder Disabled Items]

[Current User Startup Folder Disabled Items]

>>> User Agent Post Platform <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
\\SV1 -

>>> AppInit Dll's <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]

>>> Image File Execution Options <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
\Your Image File Name Here without a path - Debugger = ntsd -d

>>> Shell Service Object Delay Load <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceOb jectDelayLoad]
\\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll (Microsoft Corporation)
\\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)

>>> Shell Execute Hooks <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell ExecuteHooks]
\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)

>>> Shared Task Scheduler <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Share dTaskScheduler]
\\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)

>>> Winlogon <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
\\UserInit = C:\WINDOWS\system32\userinit.exe,
\\Shell = Explorer.exe
\\System =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
\crypt32chain - crypt32.dll = (Microsoft Corporation)
\cryptnet - cryptnet.dll = (Microsoft Corporation)
\cscdll - cscdll.dll = (Microsoft Corporation)
\NavLogon - C:\WINDOWS\System32\NavLogon.dll = (Symantec Corporation)
\ScCertProp - wlnotify.dll = (Microsoft Corporation)
\Schedule - wlnotify.dll = (Microsoft Corporation)
\sclgntfy - sclgntfy.dll = (Microsoft Corporation)
\SensLogn - WlNotify.dll = (Microsoft Corporation)
\termsrv - wlnotify.dll = (Microsoft Corporation)
\WgaLogon - WgaLogon.dll = (Microsoft Corporation)
\wlballoon - wlnotify.dll = (Microsoft Corporation)
\wvuuv - C:\WINDOWS\system32\wvuuv.dll = ()

>>> DNS Name Servers <<<
{975906FC-FC4A-4B3E-BB65-2CF486870F4E} - (Broadcom 570x Gigabit Integrated Controller)
{A6D3F2A5-ACE9-4FF4-93E7-B0509412BB88} - (Intel(R) PRO/Wireless LAN 2100 3A Mini PCI Adapter)
{D66A441A-1D1B-4F2A-B378-B0B6F1D7C140} - ()
{E3BE02DD-947F-4A44-A743-B14A4538B911} - (1394 Net Adapter)

>>> All Winsock2 Catalogs <<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Na meSpace_Catalog5\Catalog_Entries]
\000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
\000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)
\000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Pr otocol_Catalog9\Catalog_Entries]
\000000000001\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000002\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000003\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000004\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000005\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000006\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000007\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000008\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000009\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000010\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000011\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

>>> Protocol Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
\ipp - ()
\msdaipp - ()

>>> Protocol Filters (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]

>>> Selected AddOn's <<<

>>>>Output for AddOn file Policies.def<<<<
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} - 1
policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} - 1073741857
policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - 32
policies\system\\dontdisplaylastusername - 0
policies\system\\legalnoticecaption -
policies\system\\legalnoticetext -
policies\system\\shutdownwithoutlogon - 1
policies\system\\undockwithoutlogon - 1

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
policies\Explorer\\NoDriveTypeAutoRun - 145

>>>>Output for AddOn file Security.def<<<<
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
Security Center\\AntiVirusOverride - 0
Security Center\\AntiVirusDisableNotify - 1
Security Center\\FirewallDisableNotify - 0
Security Center\\UpdatesDisableNotify - 0
Security Center\\FirewallOverride - 0
Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring - 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS]
BITS\\Type - 32
BITS\\Start - 3
BITS\\ErrorControl - 1
BITS\\ImagePath - %SystemRoot%\System32\svchost.exe -k netsvcs
BITS\\DisplayName - Background Intelligent Transfer Service
BITS\\DependOnService - Rpcss;
BITS\\DependOnGroup -
BITS\\ObjectName - LocalSystem
BITS\\Description - Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled.
BITS\\FailureActions - 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 68 E3 0C 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00
BITS\Parameters\\ServiceDll - C:\WINDOWS\System32\qmgr.dll
BITS\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
BITS\Enum\\0 - Root\LEGACY_BITS\0000
BITS\Enum\\Count - 1
BITS\Enum\\NextInstance - 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
SharedAccess\\Type - 32
SharedAccess\\Start - 2
SharedAccess\\ErrorControl - 1
SharedAccess\\ImagePath - %SystemRoot%\System32\svchost.exe -k netsvcs
SharedAccess\\DisplayName - Windows Firewall/Internet Connection Sharing (ICS)
SharedAccess\\DependOnService - Netman;WinMgmt;
SharedAccess\\DependOnGroup -
SharedAccess\\ObjectName - LocalSystem
SharedAccess\\Description - Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
SharedAccess\Epoch\\Epoch - 229293
SharedAccess\Parameters\\ServiceDll - %SystemRoot%\System32\ipnathlp.dll
Key not found
SharedAccess\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
SharedAccess\Setup\\ServiceUpgrade - 1
SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{E3BE02DD-947F-4A44-A743-B14A4538B911} - 1
SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{D66A441A-1D1B-4F2A-B378-B0B6F1D7C140} - 1
SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{A6D3F2A5-ACE9-4FF4-93E7-B0509412BB88} - 1
SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{975906FC-FC4A-4B3E-BB65-2CF486870F4E} - 1
SharedAccess\Enum\\0 - Root\LEGACY_SHAREDACCESS\0000
SharedAccess\Enum\\Count - 1
SharedAccess\Enum\\NextInstance - 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
wuauserv\\Type - 32
wuauserv\\Start - 2
wuauserv\\ErrorControl - 1
wuauserv\\ImagePath - %systemroot%\system32\svchost.exe -k netsvcs
wuauserv\\DisplayName - Automatic Updates
wuauserv\\ObjectName - LocalSystem
wuauserv\\Description - Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site.
wuauserv\Parameters\\ServiceDll - C:\WINDOWS\system32\wuauserv.dll
wuauserv\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
wuauserv\Enum\\0 - Root\LEGACY_WUAUSERV\0000
wuauserv\Enum\\Count - 1
wuauserv\Enum\\NextInstance - 1

뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣 Scan Complete 뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣

IGotHijacked · 19-Sep-2006, 08:55 PM **#18**

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\yjjrbtme

*******************

Script file located at: \??\C:\WINDOWS\hcuyuwxd.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\wvuuv.dll deleted successfully.
File C:\WINDOWS\system32\jqbyny.exe deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Logfile of HijackThis v1.99.1
Scan saved at 7:49:47 PM, on 9/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Viewpoint\Viewpoint Toolbar V35\FotomatDeviceConnect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\puppy.exe.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0D830E1D-7892-4E2A-8643-0C14BA9EA6E8} - C:\WINDOWS\system32\wvuuv.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBarBHO.dll
O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINDOWS\system32\vjytthnn.dll
O3 - Toolbar: NewsStand Toolbar - {6E94ACD5-2C6A-48AC-84EF-A4DE746D385F} - C:\Program Files\NewsStand\Reader\NSIETool.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ViewpointPhotosDeviceConnect] C:\Program Files\Viewpoint\Viewpoint Toolbar V35\FotomatDeviceConnect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NewsStand.Scheduler] "C:\Program Files\NewsStand\Reader\ADLSched.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/game...ts/y/tt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/pote_x.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wvuuv - C:\WINDOWS\system32\wvuuv.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

**Cookiegal** · 20-Sep-2006, 02:37 PM **#19**

Go to Control Panel – Add/Remove programs and remove the following, if there:

Viewpoint
Viewpoint Toolbar

Rescan with HijackThis, close all browser windows except HijackThis, put a check mark beside these entries and click fix checked.

O2 - BHO: (no name) - {0D830E1D-7892-4E2A-8643-0C14BA9EA6E8} - C:\WINDOWS\system32\wvuuv.dll (file missing)

O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBarBHO.dll

O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINDOWS\system32\vjytthnn.dll

O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar
V35\ViewBar.dll

O4 - HKLM\..\Run: [ViewpointPhotosDeviceConnect] C:\Program Files\Viewpoint\Viewpoint Toolbar V35\FotomatDeviceConnect.exe

O20 - Winlogon Notify: wvuuv - C:\WINDOWS\system32\wvuuv.dll (file missing)

Run Avenger again using this script:

Quote:

Files to delete:
C:\dllmx.exe
C:\logn.exe
C:\pmcb.exe
C:\WINDOWS\IFinst27.exe
C:\WINDOWS\SYSTEM32\ktqcjm.exe
C:\WINDOWS\system32\khfggfc.dll
C:\WINDOWS\system32\vjytthnn.dll
C:\WINDOWS\system32\vuuvw.bak1
C:\WINDOWS\system32\vuuvw.bak2
C:\WINDOWS\system32\vuuvw.ini
C:\WINDOWS\Temp\removalfile.bat

Folders to delete:
C:\Program Files\Viewpoint

Reboot and post another HijackThis log please.

IGotHijacked · 20-Sep-2006, 08:39 PM **#20**

Logfile of HijackThis v1.99.1
Scan saved at 7:36:59 PM, on 9/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\NewsStand\Reader\ADLSched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Hijackthis\puppy.exe.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: NewsStand Toolbar - {6E94ACD5-2C6A-48AC-84EF-A4DE746D385F} - C:\Program Files\NewsStand\Reader\NSIETool.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NewsStand.Scheduler] "C:\Program Files\NewsStand\Reader\ADLSched.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/game...ts/y/tt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/pote_x.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

I also got a new Symantec AntiVirus Notification in case this helps:

Scan type: Auto-Protect Scan
Event: Threat Found!
Threat: Hacktool.Spammer
File: C:\System Volume Information\_restore{CA832B9D-0EB5-4B0B-A1A7-252D05468229}\RP410\A0085179.exe
Location: Quarantine
Computer: CARL
User: SYSTEM
Action taken: Quarantine succeeded : Access denied
Date found: Wednesday, September 20, 2006 6:51:04 PM

**Cookiegal** · 20-Sep-2006, 08:56 PM **#21**

The log looks fine but I would like you to do the following to make sure there's nothing else lingering.

Download the trial version of Ewido Anti-spyware from HERE and save that file to your desktop. When the trial period expires it becomes freeware with reduced functions but still worth keeping.

Once you have downloaded Ewido Anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
Once the setup is complete you will need run Ewido and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.
Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine"
Under "Reports"
Select "Automatically generate report after every scan"
Un-Select "Only if threats were found"

Close Ewido Anti-spyware, Do NOT run a scan yet. We will do that later in safe mode.

Reboot your computer into Safe Mode now. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
IMPORTANT: Do not open any other windows or programs while Ewido is scanning as it may interfere with the scanning process:
Launch Ewido Anti-spyware by double-clicking the icon on your desktop.
Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
Ewido will now begin the scanning process. Be patient this may take a little time.
Once the scan is complete do the following:
If you have any infections you will prompted, then select "Apply all actions"
Next select the "Reports" icon at the top.
Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
Close Ewido and reboot your system back into Normal Mode.

Please go HERE to run Panda's ActiveScan

Once you are on the Panda site click the Scan your PC button
A new window will open...click the Check Now button
Enter your Country
Enter your State/Province
Enter your e-mail address and click send
Select either Home User or Company
Click the big Scan Now button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on My Computer to start the scan
When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

Come back here and post a new HijackThis log along with the logs from the Ewido and Panda scans.

IGotHijacked · 20-Sep-2006, 11:59 PM **#22**

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:40:00 PM 9/20/2006

+ Scan result:

C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6AWCJ2C7\d224_test2[1].exe -> Backdoor.HacDef.fv : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\XEX0X8VR\d222_test1[1].exe -> Backdoor.HacDef.fv : Cleaned with backup (quarantined).
C:\avenger\backup.zip/avenger/dllmx.exe -> Backdoor.HacDef.fv : Cleaned with backup (quarantined).
C:\ctps.exe -> Backdoor.HacDef.fv : Cleaned with backup (quarantined).
C:\Documents and Settings\Carl Davis\Desktop\SDFix\backups\backups.zip/backups/bmp[1].exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\Documents and Settings\Carl Davis\Desktop\SDFix\backups\backups.zip/backups/cjnr4r4zkuf.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\Documents and Settings\Carl Davis\Desktop\SDFix\backups\backups.zip/backups/d222_test1[1].exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\Documents and Settings\Carl Davis\Desktop\SDFix\backups\backups.zip/backups/dior4f4akvgrbmx.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\Documents and Settings\Carl Davis\Desktop\SDFix\backups\backups.zip/backups/nlkfev7akvgr.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\Documents and Settings\Carl Davis\Desktop\SDFix\backups\backups.zip/backups/ntms.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\Documents and Settings\Carl Davis\Desktop\SDFix\backups\backups.zip/backups/pcst2.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\Documents and Settings\Carl Davis\Desktop\SDFix\backups\backups.zip/backups/sklrr7yrcny.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\Documents and Settings\Carl Davis\Desktop\SDFix\backups\backups.zip/backups/sklrr7ysdnyjufqbm.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6AWCJ2C7\d227_seven2[1].exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\vcb.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\Documents and Settings\Carl Davis\Desktop\SDFix\backups\backups.zip/backups/csts.exe -> Backdoor.SdBot.aad : Cleaned with backup (quarantined).
C:\Documents and Settings\Carl Davis\Desktop\requested-files[2006-09-17_11_58].cab/C:\WINDOWS\system32\csts.exe -> Backdoor.SdBot.aad : Cleaned with backup (quarantined).
C:\Documents and Settings\Carl Davis\Desktop\requested-files[2006-09-17_12_10].cab/C:\WINDOWS\system32\csts.exe -> Backdoor.SdBot.aad : Cleaned with backup (quarantined).
C:\Documents and Settings\Carl Davis\Desktop\SDFix\backups\backups.zip/backups/dllhost.exe -> Backdoor.SdBot.xd : Cleaned with backup (quarantined).
C:\Documents and Settings\Carl Davis\Desktop\requested-files[2006-09-17_11_58].cab/C:\WINDOWS\system\dllhost.exe -> Backdoor.SdBot.xd : Cleaned with backup (quarantined).
C:\Documents and Settings\Carl Davis\Desktop\requested-files[2006-09-17_12_10].cab/C:\WINDOWS\system\dllhost.exe -> Backdoor.SdBot.xd : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\L7VQ8ZG9\logn[1].exe -> Backdoor.SdBot.xd : Cleaned with backup (quarantined).
C:\avenger\backup.zip/avenger/logn.exe -> Backdoor.SdBot.xd : Cleaned with backup (quarantined).
C:\mt2560.exe -> Downloader.Small.dtz : Cleaned with backup (quarantined).
C:\Documents and Settings\Carl Davis\Desktop\requested-files[2006-09-17_11_58].cab/C:\WINDOWS\system32\jqbyny.exe -> Proxy.Caprobad.b : Cleaned with backup (quarantined).
C:\Documents and Settings\Carl Davis\Desktop\requested-files[2006-09-17_12_10].cab/C:\WINDOWS\system32\jqbyny.exe -> Proxy.Caprobad.b : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8AW41GGH\win32[1].exe -> Proxy.Caprobad.b : Cleaned with backup (quarantined).
C:\avenger\backup-09.20.2006 Wed-17.47.01.37.zip/avenger/jqbyny.exe -> Proxy.Caprobad.b : Cleaned with backup (quarantined).
C:\avenger\backup.zip/avenger/pmcb.exe -> Proxy.Caprobad.b : Cleaned with backup (quarantined).
C:\Documents and Settings\Carl Davis\Desktop\SDFix\backups\backups.zip/backups/elk.exe -> Proxy.Small.fd : Cleaned with backup (quarantined).
C:\Documents and Settings\Carl Davis\Desktop\SDFix\backups\backups.zip/backups/pizza.exe -> Proxy.Small.fd : Cleaned with backup (quarantined).
C:\Documents and Settings\Carl Davis\Desktop\requested-files[2006-09-17_11_58].cab/C:\elk.exe -> Proxy.Small.fd : Cleaned with backup (quarantined).
C:\Documents and Settings\Carl Davis\Desktop\requested-files[2006-09-17_11_58].cab/C:\pizza.exe -> Proxy.Small.fd : Cleaned with backup (quarantined).
C:\Documents and Settings\Carl Davis\Desktop\requested-files[2006-09-17_12_10].cab/C:\elk.exe -> Proxy.Small.fd : Cleaned with backup (quarantined).
C:\Documents and Settings\Carl Davis\Desktop\requested-files[2006-09-17_12_10].cab/C:\pizza.exe -> Proxy.Small.fd : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\L7VQ8ZG9\elk[1].exe -> Proxy.Small.fd : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\XEX0X8VR\pizza[1].exe -> Proxy.Small.fd : Cleaned with backup (quarantined).
:mozilla.10:C:\Documents and Settings\Carl Davis\Application Data\Netscape\NSB\Profiles\ay6f2tpo.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.11:C:\Documents and Settings\Carl Davis\Application Data\Netscape\NSB\Profiles\ay6f2tpo.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.281:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.282:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.283:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.284:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.285:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.286:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.287:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.288:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.289:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.290:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.291:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.292:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.293:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.294:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.295:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.296:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.297:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.298:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.299:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.300:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.301:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.302:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.303:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.304:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.305:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.306:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.307:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.308:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.309:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.310:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.311:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.312:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.313:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.314:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.315:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.316:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.317:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.318:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.319:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.320:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.321:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.322:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.323:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.324:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.325:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.326:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.327:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.328:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.329:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.330:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.458:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.577:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.586:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.742:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.897:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Carl Davis\Cookies\carl davis@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.197:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.198:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.200:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.201:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.203:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.204:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.205:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.207:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.208:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.251:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.426:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
:mozilla.505:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
:mozilla.506:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
:mozilla.416:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.417:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.418:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.419:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.421:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.422:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.23:C:\Documents and Settings\Carl Davis\Application Data\Netscape\NSB\Profiles\ay6f2tpo.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.24:C:\Documents and Settings\Carl Davis\Application Data\Netscape\NSB\Profiles\ay6f2tpo.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.390:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.392:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.15:C:\Documents and Settings\Carl Davis\Application Data\Netscape\NSB\Profiles\ay6f2tpo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.16:C:\Documents and Settings\Carl Davis\Application Data\Netscape\NSB\Profiles\ay6f2tpo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.17:C:\Documents and Settings\Carl Davis\Application Data\Netscape\NSB\Profiles\ay6f2tpo.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.499:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.500:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.501:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.502:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.18:C:\Documents and Settings\Carl Davis\Application Data\Netscape\NSB\Profiles\ay6f2tpo.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.265:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.571:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.572:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.20:C:\Documents and Settings\Carl Davis\Application Data\Netscape\NSB\Profiles\ay6f2tpo.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.578:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.579:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.580:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.581:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.582:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.583:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.584:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.606:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
:mozilla.607:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
:mozilla.900:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
:mozilla.901:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
:mozilla.902:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).

IGotHijacked · 21-Sep-2006, 12:01 AM **#23**

:mozilla.903:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
:mozilla.595:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.596:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.597:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.598:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.498:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup (quarantined).
:mozilla.375:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.376:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.377:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.378:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
C:\Documents and Settings\Carl Davis\Cookies\carl davis@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
:mozilla.242:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Cqcounter : Cleaned with backup (quarantined).
:mozilla.177:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.9:C:\Documents and Settings\Carl Davis\Application Data\Netscape\NSB\Profiles\ay6f2tpo.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.540:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.541:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.542:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.543:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.544:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.554:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.555:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.556:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.557:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.391:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.100:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.101:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.102:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.110:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.111:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.367:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.96:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.97:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.98:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.99:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.720:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Komtrack : Cleaned with backup (quarantined).
:mozilla.243:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned with backup (quarantined).
:mozilla.266:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
:mozilla.267:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Documents and Settings\Carl Davis\Cookies\carl davis@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup (quarantined).
:mozilla.105:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.114:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.191:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.192:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.280:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\Carl Davis\Cookies\carl davis@data4.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.149:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.150:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.151:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.179:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.180:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.181:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.154:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.155:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.161:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.162:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.163:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.164:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.165:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.331:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.332:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.333:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.334:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.335:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
C:\Documents and Settings\Carl Davis\Cookies\carl davis@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.624:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.625:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.626:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.627:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.570:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.838:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.839:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.840:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.841:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.842:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.531:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
:mozilla.532:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
:mozilla.15:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.16:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.17:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.18:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.19:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.20:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.21:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.22:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.23:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.24:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.25:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.26:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.27:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.28:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.29:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.30:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.31:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.32:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.33:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.34:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.35:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.36:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.37:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.38:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.39:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.40:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.41:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.42:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.43:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.44:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.45:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.46:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.47:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.48:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.51:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.52:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.53:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.54:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.55:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.56:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.57:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.58:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.59:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.60:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.61:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.62:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.63:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.64:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).

IGotHijacked · 21-Sep-2006, 12:02 AM **#24**

:mozilla.65:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.66:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.860:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.861:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.934:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.879:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.880:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.881:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.882:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.883:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.884:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.885:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.886:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.21:C:\Documents and Settings\Carl Davis\Application Data\Netscape\NSB\Profiles\ay6f2tpo.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.430:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.431:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.432:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.433:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.434:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.380:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
:mozilla.381:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
:mozilla.382:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
:mozilla.383:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
:mozilla.384:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
:mozilla.385:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
:mozilla.899:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
:mozilla.435:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.916:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup (quarantined).
:mozilla.917:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup (quarantined).
:mozilla.357:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.358:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.359:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.360:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.361:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.362:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.363:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.364:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.365:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.366:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.368:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.370:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt ->
TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.371:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Carl Davis\Cookies\carl davis@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.921:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.922:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.923:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.924:C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
C:\Program Files\Hijackthis\backups\backup-20060920-174238-590.dll -> Trojan.BHO.g : Cleaned with backup (quarantined).
C:\avenger\backup.zip/avenger/vjytthnn.dll -> Trojan.BHO.g : Cleaned with backup (quarantined).

::Report end

Incident Status Location

Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt[.go.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt[.belnk.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt[.drivecleaner.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Carl Davis\Application Data\Mozilla\Firefox\Profiles\mqaayeu8.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Carl Davis\Application Data\Netscape\NSB\Profiles\ay6f2tpo.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Carl Davis\Application Data\Netscape\NSB\Profiles\ay6f2tpo.default\cookies.txt[.go.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Carl Davis\Cookies\carl davis@atwola[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Carl Davis\Cookies\carl davis@drivecleaner[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Carl Davis\Cookies\carl davis@go[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Carl Davis\Cookies\carl davis@stats.drivecleaner[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Carl Davis\Cookies\carl davis@www.drivecleaner[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Carl Davis\Desktop\SDFix\apps\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Carl Davis\Desktop\SDFix.zip[SDFix/apps/Process.exe]
Virus:Trj/FireByPass.AP Disinfected C:\Documents and Settings\Carl Davis\Local Settings\Temp\xtiwr.exe

Logfile of HijackThis v1.99.1
Scan saved at 11:00:10 PM, on 9/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\puppy.exe.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: NewsStand Toolbar - {6E94ACD5-2C6A-48AC-84EF-A4DE746D385F} - C:\Program Files\NewsStand\Reader\NSIETool.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NewsStand.Scheduler] "C:\Program Files\NewsStand\Reader\ADLSched.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/game...ts/y/tt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/pote_x.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

**Cookiegal** · 21-Sep-2006, 01:07 PM **#25**

You need to clear your cookies in both browsers.

Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Click the "Delete Cookies" button
Next to it, Click the "Delete Files" button
When prompted, place a check in: "Delete all offline content", click OK

Clean your Cache and Cookies in Firefox:
Go to Tools > Options.
Click Privacy in the menu on the left side of the Options window.
Click the Clear button located to the right of each option (History, Cookies, Cache).
Click OK to close the Options window
Alternatively, you can clear all information stored while browsing by clicking Clear All.
A confirmation dialog box will be shown before clearing the information

How are things running now?

IGotHijacked · 21-Sep-2006, 03:35 PM **#26**

Done. My browser doesn't seem to be hijacked anymore and I haven't gotten another Symantec Virus Threat Notification yet...am I clean?

**Cookiegal** · 21-Sep-2006, 05:27 PM **#27**

Yes, it seems so.

Now you should turn system restore off to flush out all previous system restore points, then turn it back on and create a new restore point:

To turn off system restore, on the Desktop, right click on My Computer and click on Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a new restore point, click on Start – All Programs – Accessories – System Tools and then select System Restore.

In the System Restore wizard, select Create a restore point and click the Next button.

Type a name for your new restore point then click on Create.

I also recommend downloading SPYWAREBLASTER for added protection.

Read here for info on how to tighten your security.

Delete your temporary files:

In safe mode navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit - Select All then Edit - Delete to delete the entire contents of the Temp folder.

Go to Start - Run and type %temp% in the Run box. The Temp folder will open. Click Edit - Select All then hit Delete to delete the entire contents of the Temp folder.

Finally go to Control Panel - Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.

Empty the recycle bin.

IGotHijacked · 21-Sep-2006, 07:08 PM **#28**

I haven't done your last set of directions yet but I did just get this Symantec AntiVirus Notification:

Scan type: Auto-Protect Scan
Event: Threat Found!
Threat: Trojan.Vundo
File: C:\System Volume Information\_restore{CA832B9D-0EB5-4B0B-A1A7-252D05468229}\RP410\A0085270.dll
Location: Quarantine
Computer: CARL
User: SYSTEM
Action taken: Quarantine succeeded : Access denied
Date found: Thursday, September 21, 2006 4:11:54 PM

I know it says Quaratine succeeded: Access denied, but it said that on similar messages earlier and they appeared multiple times warning me of the threat...I'll let you know if it comes up again. Should I just follow your last set of directions or is there anything I need to worry about here? I never used to get these sorts of messages before downloading this virus off of AIM. Everything else seems to be working normally, though.

**Cookiegal** · 21-Sep-2006, 08:01 PM **#29**

When you follow the instructions it will take care of that threat as it's in the system restore and we are flushing out the system restore.

IGotHijacked · 22-Sep-2006, 12:36 AM **#30**

Thanks so much, I followed all your directions and all the directions in the thread you linked me to. I wasn't originally planning on donating anything but you were such a great help that I'd feel terrible if I didn't support this community. Thanks!

Tag Cloud
access acer asus bios bsod computer crash drive driver drivers error ethernet excel freeze games gaming graphics hard drive hardware hdmi internet laptop malware memory monitor motherboard netgear network printer problem ram random registry router slow software sound trojan usb video virus vista wifi windows windows 7 windows 7 32 bit windows 7 64 bit windows xp wireless xbox

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Find the solution to yourcomputer problem!

Find the solution to your
computer problem!