Mobile/PDA About Us Advertise here
User User name Password  
  Not registered yet? Register here.
Lost your password? Click here. 		 
  Home   News   Guides   Downloads   Glossary   Hardware   Profiles   Forums   v4  
 Advertise at AfterDawn.com     Link to us!     Private messages     Compose a private message     List of all updated threads     Threads without replies     Search messages
Wednesday 27.11.2024 / 21:10
Search AfterDawn Forums:        In English   Suomeksi   På svenska
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > ive been hijacked so please help
Show topics
 
Forums
Forums
IVE been hijacked so please help
  Jump to:
 
Posted Message
bryanoens
Newbie
_ 		5. March 2006 @ 18:41 _ Link to this message    Send private message to this user   
Logfile of HijackThis v1.99.1
Scan saved at 9:36:13 PM, on 3/5/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\AppPatch\bindoc.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {EED3A2AF-8920-4275-943A-EB70D6755B8a} - C:\WINDOWS\System32\cdpgbgio.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - C:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Anti-Virus Update Scheduler] C:\WINDOWS\system32\1.tmp
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O20 - AppInit_DLLs: PAVWAIT.DLL
O20 - Winlogon Notify: bindoc - C:\WINDOWS\AppPatch\bindoc.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Mouse Hardware Sync (mousehs) - Unknown owner - C:\WINDOWS\System32\mousehs.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: Srv32 - Unknown owner - C:\WINDOWS\system32\srv32.exe (file missing)
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
[ + quote]
Advertisement
_ 		__
-kemisti-
AfterDawn Addict
_ 		6. March 2006 @ 00:34 _ Link to this message    Send private message to this user   
You have eg. Vundo infection

Follow these instructions carefully:

Fix these with HjT (do a system scan only, checkmark these and press fix checked):

O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\AppPatch\bindoc.dll
O2 - BHO: (no name) - {EED3A2AF-8920-4275-943A-EB70D6755B8a} - C:\WINDOWS\System32\cdpgbgio.dll
O4 - HKLM\..\Run: [Anti-Virus Update Scheduler] C:\WINDOWS\system32\1.tmp
O20 - Winlogon Notify: bindoc - C:\WINDOWS\AppPatch\bindoc.dll
O23 - Service: Mouse Hardware Sync (mousehs) - Unknown owner - C:\WINDOWS\System32\mousehs.exe (file missing)
O23 - Service: Srv32 - Unknown owner - C:\WINDOWS\system32\srv32.exe (file missing)

Then start -> run -> services.msc
Find

Mouse Hardware Sync
Srv32

Doubleclick them, press stop ans select startuptype disabled

Open HjT -> open misc tools -> delete nt service

Type these one at a time and press ok:

Mouse Hardware Sync
Srv32

Delete these, if still found:

C:\WINDOWS\System32\cdpgbgio.dll
C:\WINDOWS\system32\1.tmp
C:\WINDOWS\System32\mousehs.exe
C:\WINDOWS\system32\srv32.exe

Please download VundoFix.exe to your desktop -> http://www.atribune.org/ccount/click.php?id=4

* Double-click VundoFix.exe to run it.
* Put a check next to Run VundoFix as a task.
* You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
* When VundoFix re-opens, click the Scan for Vundo button.
* Once it's done scanning, click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files, click YES
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will shutdown your computer, click OK.
* Turn your computer back on.

Please download ewido anti malware it is a free version of the program -> http://www.ewido.net/en/download/

1. Install ewido security suite
2. When installing, under "Additional Options" uncheck..
* Install background guard
* Install scan via context menu
3. Launch ewido, there should be an icon on your desktop, double-click it.
4. The program will now open to the main screen.
5. When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
6. You will need to update ewido to the latest definition files.
* On the left hand side of the main screen click update.
* Then click on Start Update.
7. The update will start and a progress bar will show the updates being installed.
(the status bar at the bottom will display ("Update successful")

If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates -> http://www.ewido.net/en/download/updates/

Once the updates are installed do the following:

Reboot your computer in SafeMode by doing the following:

1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the first option, to run Windows in Safe Mode.


then launch ewido:

* Click on scanner
* Click on Complete System Scan and the scan will begin.
* You will be prompted to clean the first infection.
* Select "Perform action on all infections", then proceed.
* Once the scan has completed, there will be a button located on the bottom of the screen named Save report
* Click Save report.
* Save the report .txt file to your desktop or a location where you can find it easily.

Close ewido security suite.

Reboot back to normal mode


* Please post the contents of C:\vundofix.txt, ewido report and a new HiJackThis log.
[ + quote]
bryanoens
Newbie
_ 		6. March 2006 @ 08:44 _ Link to this message    Send private message to this user   
Wow it looks like I have some work to do. I will get to this after my class and let you know if it works. Thanks for your time!
[ + quote]
bryanoens
Newbie
_ 		6. March 2006 @ 11:59 _ Link to this message    Send private message to this user   
Ok I did everything you said so here is the new files...


VundoFix V4.2.29
Scan started at 1:46:02 PM 3/6/2006

Listing files found while scanning....

C:\WINDOWS\AppPatch\bindoc.dll
C:\WINDOWS\AppPatch\codnib.ini
C:\WINDOWS\AppPatch\codnib.bak1
C:\WINDOWS\AppPatch\codnib.bak2

C:\WINDOWS\AppPatch\codnib.bak1
C:\WINDOWS\AppPatch\codnib.bak2
C:\WINDOWS\AppPatch\codnib.ini
C:\WINDOWS\AppPatch\bindoc.dll
Attempting to delete C:\WINDOWS\AppPatch\bindoc.dll
C:\WINDOWS\AppPatch\bindoc.dll Has been deleted!

Attempting to delete C:\WINDOWS\AppPatch\codnib.ini
C:\WINDOWS\AppPatch\codnib.ini Has been deleted!

Attempting to delete C:\WINDOWS\AppPatch\codnib.bak1
C:\WINDOWS\AppPatch\codnib.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\AppPatch\codnib.bak2
C:\WINDOWS\AppPatch\codnib.bak2 Has been deleted!

Performing Repairs to the registry.
Done!



---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 2:52:51 PM, 3/6/2006
+ Report-Checksum: B1E3B7A

+ Scan result:

:mozilla.9:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.31:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.32:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.35:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.37:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.38:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.39:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.40:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.41:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.42:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.77:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.78:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.79:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.80:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.81:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.83:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.84:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.86:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.87:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.95:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
:mozilla.97:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.98:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.99:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.100:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.101:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.102:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.114:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.115:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.116:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.117:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.118:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.119:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.120:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.121:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.122:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.123:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.125:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.126:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.127:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.128:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.129:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.130:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.146:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.147:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.148:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.150:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.151:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.152:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.153:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.154:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.165:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.166:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.167:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.168:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.169:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.170:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.171:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.182:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.183:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.189:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.190:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.191:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.192:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.193:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.194:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.195:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.196:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.197:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.198:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.199:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.200:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.201:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.202:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.203:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.204:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.207:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.208:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.238:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Paypopup : Cleaned with backup
:mozilla.239:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Paypopup : Cleaned with backup
:mozilla.240:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Paypopup : Cleaned with backup
:mozilla.241:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Paypopup : Cleaned with backup
:mozilla.242:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Paypopup : Cleaned with backup
:mozilla.243:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Paypopup : Cleaned with backup
:mozilla.244:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Paypopup : Cleaned with backup
:mozilla.245:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Paypopup : Cleaned with backup
:mozilla.246:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Paypopup : Cleaned with backup
:mozilla.247:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Paypopup : Cleaned with backup
:mozilla.248:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Paypopup : Cleaned with backup
:mozilla.249:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Paypopup : Cleaned with backup
:mozilla.250:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Paypopup : Cleaned with backup
:mozilla.251:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Paypopup : Cleaned with backup
:mozilla.252:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Paypopup : Cleaned with backup
:mozilla.253:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Paypopup : Cleaned with backup
:mozilla.254:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Paypopup : Cleaned with backup
:mozilla.255:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Paypopup : Cleaned with backup
:mozilla.256:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Paypopup : Cleaned with backup
:mozilla.257:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Paypopup : Cleaned with backup
:mozilla.267:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.268:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.270:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.281:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.282:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
:mozilla.329:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.338:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.339:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.340:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.341:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.342:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.354:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.355:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.397:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.398:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.399:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.400:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.401:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup
:mozilla.405:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup
:mozilla.409:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.410:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.468:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.469:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.470:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.471:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.472:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.480:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned with backup
:mozilla.481:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Adengage : Cleaned with backup
:mozilla.482:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Adengage : Cleaned with backup
:mozilla.483:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Adengage : Cleaned with backup
:mozilla.486:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Cqcounter : Cleaned with backup
:mozilla.492:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.493:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.531:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.532:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.533:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.538:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.545:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.562:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.567:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.632:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.633:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.709:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.710:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.773:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.792:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup
:mozilla.844:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup
:mozilla.845:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup
:mozilla.847:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.852:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.892:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Findwhat : Cleaned with backup
:mozilla.905:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.907:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Hypertracker : Cleaned with backup
:mozilla.908:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Hypertracker : Cleaned with backup
:mozilla.915:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.940:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.946:C:\Documents and Settings\leary\Application Data\Mozilla\Firefox\Profiles\me1jm5jw.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\leary\Cookies\leary@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\leary\Cookies\leary@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\leary\Cookies\leary@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IS2LMNOP\mspaint[1].exe -> Proxy.Agent.fp : Cleaned with backup
C:\HJT\backups\backup-20060306-133221-448.dll -> Trojan.Crypt.o : Cleaned with backup
C:\HJT\backups\backup-20060306-133221-717.dll -> Trojan.Crypt.o : Cleaned with backup
C:\RECYCLER\S-1-5-21-448539723-688789844-682003330-1004\Dc409.tmp -> Proxy.Agent.fp : Cleaned with backup
C:\RECYCLER\S-1-5-21-448539723-688789844-682003330-1004\Dc435.exe -> Backdoor.SdBot.xd : Cleaned with backup
C:\WINDOWS\system32\ssqpq.dll -> Downloader.ConHook.k : Cleaned with backup


::Report End





and here is the new hijack file:

Logfile of HijackThis v1.99.1
Scan saved at 2:56:56 PM, on 3/6/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - C:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O20 - AppInit_DLLs: PAVWAIT.DLL
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe


That last thing, wltrysvc.exe doesnt look like it belongs. But look at it and tell me what you think.
[ + quote]
spertti
Senior Member
_ 		6. March 2006 @ 12:37 _ Link to this message    Send private message to this user   
ltrysvc.exe is a process belonging to the Broadcom Corporation Wireless Network Tray Applet, which interacts with your broadband hardware.
So it´s ok.
[ + quote]
bryanoens
Newbie
_ 		6. March 2006 @ 20:42 _ Link to this message    Send private message to this user   
Well then thats a good thing. Thanks for the information. So Unless anyone tells me something is wrong, I should think im clean. Any Idea how I could have obtained the vundo virus and maybe a way to protect myself from this in the future. I am currently using Kerio personal firewall and some minor spyware programs.
[ + quote]
Advertisement
_ 		__
 
_
-kemisti-
AfterDawn Addict
_ 		6. March 2006 @ 21:45 _ Link to this message    Send private message to this user   
Yes, your log is clean :)
[ + quote]
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > ive been hijacked so please help
 

Digital video: AfterDawn.com | AfterDawn Forums
Music: MP3Lizard.com
Gaming: Blasteroids.com | Blasteroids Forums | Compare game prices
Software: Software downloads
Blogs: User profile pages
RSS feeds: AfterDawn.com News | Software updates | AfterDawn Forums
International: AfterDawn in Finnish | AfterDawn in Swedish | AfterDawn in Norwegian | download.fi
Navigate: Search | Site map
About us: About AfterDawn Ltd | Advertise on our sites | Rules, Restrictions, Legal disclaimer & Privacy policy
Contact us: Send feedback | Contact our media sales team
 
  © 1999-2024 by AfterDawn Ltd.

  IDG TechNetwork