HELP!! My Pc is infected w/ adlogix browser hijacker(RESOLVED)

#1 (permalink)
04-06-2006, 03:54 PM
stussyboy99, D-A-L Newbie
Join Date: Jun 2006
Posts: 18

I have this problem that other people have had.

I just ran hijack this and here is the log report.

I appreciate the help.

Here is the result.

Logfile of HijackThis v1.99.1
Scan saved at 7:52:39 AM, on 6/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\Smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\zstatus.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Aladdin Systems\StuffIt\stuffit.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us8.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us8.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\system32\rpdtl.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\system32\rpdtl.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [KillAndClean] "C:\Program Files\KillAndClean\KillAndClean.exe"
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PowerReg Scheduler.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{28B81F58-A8C7-400F-BEA1-6EBEB356E517}: NameServer = 85.255.116.78,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{67411ACD-F722-47C1-B76A-8B39717AF81B}: NameServer = 85.255.116.78,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{80833F60-490B-40C9-93E2-C58C93631E8C}: NameServer = 85.255.116.78,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{A7A1E320-6359-4585-B57C-131E49E406B2}: NameServer = 85.255.116.78,85.255.112.227
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~2\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: hpdj - HP - C:\DOCUME~1\Owner\LOCALS~1\Temp\hpdj.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\Smc.exe
#2 (permalink)
04-06-2006, 07:17 PM
Neal, Senior Member
Join Date: Sep 2005
Posts: 5,524
Re: HELP!! My Pc is infected w/ adlogix browser hijacker

Welcome to DAL,


You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/file...Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Once the desktop loads please post the text that will open (report.txt) and a new Hijackthis log.
__________________
Stalking and killing Spyware

#3 (permalink)
04-06-2006, 11:38 PM
stussyboy99, D-A-L Newbie
Join Date: Jun 2006
Posts: 18
Re: HELP!! My Pc is infected w/ adlogix browser hijacker

Thanks for this.

here is the fixwareout report

Fixwareout ver 1.003
Last edited 04/26/2006
Post this report in the forums please

Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\xedocne
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\repiwoh
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\23plhps
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\mgcppp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\tesvaf
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\nlcalik
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\legmd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\xedocne
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\gib_ogol
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\repiwoh
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\23plhps
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\mgcppp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\tesvaf
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\nlcalik
...

Microsoft (R) Windows Script Host Version 5.6
Random Runs removed from HKLM
"dmgel.exe"=-
...

PLEASE NOTE, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Example ipsec6.exe is lagitamate

»»»»» Search by size and names...
* csr.exe C:\WINDOWS\System32\CSOWP.EXE

»»»»» Misc files
* thequicklink C:\WINDOWS\System32\RPDTL.DLL

»»»»» Checking for older varients covered by the Rem3 tool

»»»»»
Search five digit cs, dm and jb files
This WILL/CAN also list Legit Files, Submit them at Virustotal
C:\WINDOWS\SYSTEM32\CSOWP.EXE 51,225 2006-06-04
C:\WINDOWS\SYSTEM32\DMGEL.EXE 44,113 2004-08-04

>>>>

here is the hijack this report

Logfile of HijackThis v1.99.1
Scan saved at 3:34:23 PM, on 6/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\Smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\HP\KBD\KBD.EXE
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us8.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [KillAndClean] "C:\Program Files\KillAndClean\KillAndClean.exe"
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PowerReg Scheduler.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{28B81F58-A8C7-400F-BEA1-6EBEB356E517}: NameServer = 85.255.116.78,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{67411ACD-F722-47C1-B76A-8B39717AF81B}: NameServer = 85.255.116.78,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{80833F60-490B-40C9-93E2-C58C93631E8C}: NameServer = 85.255.116.78,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{A7A1E320-6359-4585-B57C-131E49E406B2}: NameServer = 85.255.116.78,85.255.112.227
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~2\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: hpdj - HP - C:\DOCUME~1\Owner\LOCALS~1\Temp\hpdj.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\Smc.exe

>>>

Thanks

stussyboy99
#4 (permalink)
04-06-2006, 11:46 PM
Neal, Senior Member
Join Date: Sep 2005
Posts: 5,524
Re: HELP!! My Pc is infected w/ adlogix browser hijacker

Thanks, next step:



Please download, install, and update the NEW free version of Ewido trojan scanner:

When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".

When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.

From the main ewido screen, click on update in the left menu, then click the Start update button.

After the update finishes (the status bar at the bottom will display "Update successful")

Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.

If ewido finds anything, it will pop up a notification. We have been finding some cases of false positives with the new version of Ewido, so we need to step through the fixes one-by-one. If Ewido finds something that you KNOW is legitimate (for example, parts of AVG Antivirus, pcAnywhere and the game "Risk" have been flagged), select "none" as the action. DO NOT check "Perform action with all infections". If you are unsure of an entry, select "none" for the time being. I'll see that in the log you will post later and let you know if ewido needs to be run again.

When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.

Post the log Ewido makes back here please and a new hijackthis log. Thanks.




Also...



Go here http://www.bitdefender.com/scan8/ie.html and run an online scan with BitDefender (you will need to use Internet Explorer for this scan). When the ActiveX Control has loaded, click on "Click here to scan" and grab a coffee.

When BitDefender completes the scan, select the "Detected Problems" tab. Click on "Click here to export scan". Save the file as an HTML to your Desktop. Then click on the saved file and allow it to open with your browser. Go to Edit - Select All then copy/paste that log back here. Post back and let us know what it found (post the log).

And post a new HJT log also..
#5 (permalink)
07-06-2006, 08:19 AM
stussyboy99, D-A-L Newbie
Join Date: Jun 2006
Posts: 18
Re: HELP!! My Pc is infected w/ adlogix browser hijacker

okay. here is the ewido log report. sorry for the delay, it took a couple of passes to do it.
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 12:14:05 AM, 6/7/2006
+ Report-Checksum: F9E67CD1

+ Scan result:

:mozilla.14:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.134:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.135:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.141:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.142:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.143:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.144:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.153:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.154:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.155:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.159:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.160:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.161:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.162:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.164:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.165:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.166:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.167:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.168:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.169:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.170:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.171:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.172:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.173:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.174:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.175:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.195:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.200:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.201:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.202:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.203:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.204:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.234:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.235:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.245:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
:mozilla.253:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.262:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.263:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.264:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.265:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.266:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.267:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.268:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.276:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.277:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.285:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.324:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.325:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.326:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.327:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.328:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.329:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.330:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.331:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.332:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.333:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.348:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.349:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.350:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.351:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.352:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.367:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.374:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Linksynergy : Cleaned with backup
:mozilla.375:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Linksynergy : Cleaned with backup
:mozilla.429:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
:mozilla.452:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.453:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.472:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.473:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.474:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.475:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.476:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.477:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.478:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.479:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.480:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.481:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.482:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.483:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.484:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.485:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.486:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.487:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.488:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.496:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.500:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.501:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.530:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.538:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.540:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.542:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.557:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.558:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.559:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.575:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.576:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.577:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.597:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.598:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.603:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.606:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Addynamix : Cleaned with backup
:mozilla.627:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.635:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.661:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.663:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.664:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.665:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.680:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.681:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.682:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.683:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.684:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.685:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.719:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.720:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.724:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.725:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.750:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.762:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.763:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.764:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.772:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
:mozilla.789:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.791:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.792:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.802:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\coo kies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.841:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.847:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.848:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.854:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.861:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.862:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.866:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.867:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.868:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.874:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.875:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup
:mozilla.876:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup
:mozilla.886:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.894:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.895:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.896:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.909:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.914:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.923:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.924:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.925:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.926:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.927:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.930:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.931:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.932:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.933:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.940:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.941:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.948:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.956:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.957:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.958:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.959:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.960:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.961:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.962:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.963:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.964:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.965:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.966:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.967:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.968:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.969:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.970:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.988:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.993:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tamo77zj.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@centrport[1].txt -> TrackingCookie.Centrport : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@qksrv[1].txt -> TrackingCookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@spylog[1].txt -> TrackingCookie.Spylog : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmiwicpwdoqydj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\RECYCLER\S-1-5-21-2367779069-2911023937-329158131-1003\Dc4.exe -> Hijacker.Small.kg : Cleaned with backup
C:\RECYCLER\S-1-5-21-2367779069-2911023937-329158131-1003\Dc5.exe -> Trojan.Hoster : Cleaned with backup
C:\RECYCLER\S-1-5-21-2367779069-2911023937-329158131-1003\Dc6.exe -> Adware.Msnagent : Cleaned with backup
C:\RECYCLER\S-1-5-21-2367779069-2911023937-329158131-1003\Dc7.exe -> Adware.FindSpy : Cleaned with backup
C:\WINDOWS\system32\dmgel.exe -> Trojan.Pakes : Cleaned with backup
C:\WINDOWS\system32\rpdtl.dll -> Adware.SBSoft : Cleaned with backup


::Report End

here is the hijack this log

Logfile of HijackThis v1.99.1
Scan saved at 12:14:44 AM, on 6/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\Smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\HP\KBD\KBD.EXE
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\zstatus.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ewido anti-malware\SecuritySuite.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us8.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [KillAndClean] "C:\Program Files\KillAndClean\KillAndClean.exe"
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PowerReg Scheduler.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{28B81F58-A8C7-400F-BEA1-6EBEB356E517}: NameServer = 85.255.116.78,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{67411ACD-F722-47C1-B76A-8B39717AF81B}: NameServer = 85.255.116.78,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{80833F60-490B-40C9-93E2-C58C93631E8C}: NameServer = 85.255.116.78,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{A7A1E320-6359-4585-B57C-131E49E406B2}: NameServer = 85.255.116.78,85.255.112.227
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~2\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: hpdj - HP - C:\DOCUME~1\Owner\LOCALS~1\Temp\hpdj.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\Smc.exe

I will have to post the BitDefender results once I have done it

thanks again

stussyboy99
  #6 (permalink)  
Old 07-06-2006, 03:08 PM
Newbie
D-A-L Newbie
 
Join Date: Jun 2006
Posts: 18
stussyboy99 Is a beginner here at D-A-L
Re: HELP!! My Pc is infected w/ adlogix browser hijacker

hi there.

here is the bitdefender log

BitDefender Online Scanner

Scan report generated at: Wed, Jun 07, 2006 - 03:45:58

Scan path: A:\;C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;

Statistics
Time: 03:16:00
Files: 899599
Folders: 9650
Boot Sectors: 3
Archives: 31423
Packed Files: 74343

Results
Identified Viruses: 14
Infected Files: 29
Suspect Files: 2
Warnings: 0
Disinfected: 0
Deleted Files: 31

Engines Info
Virus Definitions: 386750
Engine build: AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
Scan plugins: 13
Archive plugins: 40
Unpack plugins: 4
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File
Status

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-619fd2ca.zip=>SandBoxEscape.class
Infected with: Trojan.Java.Byteverify.Exploit.B

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-619fd2ca.zip=>SandBoxEscape.class
Disinfection failed

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-619fd2ca.zip=>SandBoxEscape.class
Deleted

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-619fd2ca.zip
Updated

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-619fd2ca.zip=>SuperMSClassLoader.class
Infected with: Trojan.Exploit.ByteVerify.L

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-619fd2ca.zip=>SuperMSClassLoader.class
Disinfection failed

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-619fd2ca.zip=>SuperMSClassLoader.class
Deleted

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-619fd2ca.zip
Updated

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-619fd2ca.zip=>NewURLClassLoader.class
Infected with: Java.Trojan.Exploit.Bytverify

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-619fd2ca.zip=>NewURLClassLoader.class
Disinfection failed

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-619fd2ca.zip=>NewURLClassLoader.class
Deleted

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-619fd2ca.zip
Updated

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-619fd2ca.zip=>Installer.class
Infected with: Trojan.Exploit.ByteVerify.L

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-619fd2ca.zip=>Installer.class
Disinfection failed

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-619fd2ca.zip=>Installer.class
Deleted

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-619fd2ca.zip
Updated

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-5fa973e1-4a2e9125.zip=>GetAccess.class
Infected with: Java.Trojan.Exploit.Bytverify

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-5fa973e1-4a2e9125.zip=>GetAccess.class
Disinfection failed

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-5fa973e1-4a2e9125.zip=>GetAccess.class
Deleted

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-5fa973e1-4a2e9125.zip
Updated

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-5fa973e1-4a2e9125.zip=>InsecureClassLoader.class
Infected with: Java.Trojan.Exploit.Bytverify

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-5fa973e1-4a2e9125.zip=>InsecureClassLoader.class
Disinfection failed

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-5fa973e1-4a2e9125.zip=>InsecureClassLoader.class
Deleted

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-5fa973e1-4a2e9125.zip
Updated

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-5fa973e1-4a2e9125.zip=>Dummy.class
Infected with: Trojan.Java.Classloader.Dummy.A

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-5fa973e1-4a2e9125.zip=>Dummy.class
Disinfection failed

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-5fa973e1-4a2e9125.zip=>Dummy.class
Deleted

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-5fa973e1-4a2e9125.zip
Updated

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-5fa973e1-4a2e9125.zip=>Installer.class
Infected with: Java.Trojan.OpenConnection.F

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-5fa973e1-4a2e9125.zip=>Installer.class
Disinfection failed

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-5fa973e1-4a2e9125.zip=>Installer.class
Deleted

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-5fa973e1-4a2e9125.zip
Updated

C:\Documents and Settings\Owner\Local Settings\Temp\start.exe
Suspected of: Trojan.Downloader.Small.Gen

C:\Documents and Settings\Owner\Local Settings\Temp\start.exe
Disinfection failed

C:\Documents and Settings\Owner\Local Settings\Temp\start.exe
Deleted

C:\Documents and Settings\Owner\Local Settings\Temp\svchost.exe
Suspected of: BehavesLike:Trojan.Downloader

C:\Documents and Settings\Owner\Local Settings\Temp\svchost.exe
Disinfection failed

C:\Documents and Settings\Owner\Local Settings\Temp\svchost.exe
Deleted

C:\hp\bin\Terminator.exe
Infected with: Trojan.Killapp.30208.A

C:\hp\bin\Terminator.exe
Disinfection failed

C:\hp\bin\Terminator.exe
Deleted

C:\RECYCLER\S-1-5-21-2367779069-2911023937-329158131-1003\Dc35\prompt[1].htm
Infected with: Trojan.Isbar.83

C:\RECYCLER\S-1-5-21-2367779069-2911023937-329158131-1003\Dc35\prompt[1].htm
Disinfection failed

C:\RECYCLER\S-1-5-21-2367779069-2911023937-329158131-1003\Dc35\prompt[1].htm
Deleted

C:\RECYCLER\S-1-5-21-2367779069-2911023937-329158131-1003\Dc46\online[10].htm
Infected with: JS.Trojan.Downloader.IstBar.A

C:\RECYCLER\S-1-5-21-2367779069-2911023937-329158131-1003\Dc46\online[10].htm
Disinfection failed

C:\RECYCLER\S-1-5-21-2367779069-2911023937-329158131-1003\Dc46\online[10].htm
Deleted

C:\RECYCLER\S-1-5-21-2367779069-2911023937-329158131-1003\Dc46\online[2].htm
Infected with: JS.Trojan.Downloader.IstBar.A

C:\RECYCLER\S-1-5-21-2367779069-2911023937-329158131-1003\Dc46\online[2].htm
Disinfection failed

C:\RECYCLER\S-1-5-21-2367779069-2911023937-329158131-1003\Dc46\online[2].htm
Deleted

C:\RECYCLER\S-1-5-21-2367779069-2911023937-329158131-1003\Dc46\online[5].htm
Infected with: JS.Trojan.Downloader.IstBar.A

C:\RECYCLER\S-1-5-21-2367779069-2911023937-329158131-1003\Dc46\online[5].htm
Disinfection failed

C:\RECYCLER\S-1-5-21-2367779069-2911023937-329158131-1003\Dc46\online[5].htm
Deleted

C:\RECYCLER\S-1-5-21-2367779069-2911023937-329158131-1003\Dc46\online[7].htm
Infected with: JS.Trojan.Downloader.IstBar.A

C:\RECYCLER\S-1-5-21-2367779069-2911023937-329158131-1003\Dc46\online[7].htm
Disinfection failed

C:\RECYCLER\S-1-5-21-2367779069-2911023937-329158131-1003\Dc46\online[7].htm
Deleted

C:\RECYCLER\S-1-5-21-2367779069-2911023937-329158131-1003\Dc46\prompt[1].htm
Infected with: Trojan.Isbar.83

C:\RECYCLER\S-1-5-21-2367779069-2911023937-329158131-1003\Dc46\prompt[1].htm
Disinfection failed

C:\RECYCLER\S-1-5-21-2367779069-2911023937-329158131-1003\Dc46\prompt[1].htm
Deleted

C:\RECYCLER\S-1-5-21-2367779069-2911023937-329158131-1003\Dc46\prompt[2].htm
Infected with: Trojan.Isbar.83

C:\RECYCLER\S-1-5-21-2367779069-2911023937-329158131-1003\Dc46\prompt[2].htm
Disinfection failed

C:\RECYCLER\S-1-5-21-2367779069-2911023937-329158131-1003\Dc46\prompt[2].htm
Deleted

C:\RECYCLER\S-1-5-21-2367779069-2911023937-329158131-1003\Dc46\prompt[3].htm
Infected with: Trojan.Isbar.83

C:\RECYCLER\S-1-5-21-2367779069-2911023937-329158131-1003\Dc46\prompt[3].htm
Disinfection failed

C:\RECYCLER\S-1-5-21-2367779069-2911023937-329158131-1003\Dc46\prompt[3].htm
Deleted

C:\RECYCLER\S-1-5-21-2367779069-2911023937-329158131-1003\Dc46\prompt[4].htm
Infected with: Trojan.Isbar.83

C:\RECYCLER\S-1-5-21-2367779069-2911023937-329158131-1003\Dc46\prompt[4].htm
Disinfection failed

C:\RECYCLER\S-1-5-21-2367779069-2911023937-329158131-1003\Dc46\prompt[4].htm
Deleted

C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP1075\A0245265.exe
Infected with: Trojan.Downloader.FFZ

C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP1075\A0245265.exe
Disinfection failed

C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP1075\A0245265.exe
Deleted

C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP1075\A0245274.exe
Infected with: MemScan:Trojan.Small.AA

C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP1075\A0245274.exe
Disinfection failed

C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP1075\A0245274.exe
Deleted

C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP1075\A0245278.exe
Infected with: Trojan.Downloader.FFZ

C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP1075\A0245278.exe
Disinfection failed

C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP1075\A0245278.exe
Deleted

C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP1075\A0245285.exe
Infected with: MemScan:Trojan.Small.AA

C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP1075\A0245285.exe
Disinfection failed

C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP1075\A0245285.exe
Deleted

C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP1078\A0245396.exe
Infected with: Trojan.Downloader.Small.AOR

C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP1078\A0245396.exe
Disinfection failed

C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP1078\A0245396.exe
Deleted

C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP1078\A0245398.exe
Infected with: Trojan.Fakealert

C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP1078\A0245398.exe
Disinfection failed

C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP1078\A0245398.exe
Deleted

C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP1078\A0245399.exe
Infected with: Trojan.Click.526

C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP1078\A0245399.exe
Disinfection failed

C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP1078\A0245399.exe
Deleted

C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP1078\A0245400.exe
Infected with: MemScan:Trojan.Small.AA

C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP1078\A0245400.exe
Disinfection failed

C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP1078\A0245400.exe
Deleted

C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP1078\A0245401.dll
Detected with: Adware.Iectr.A

C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP1078\A0245401.dll
Disinfection failed

C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP1078\A0245401.dll
Deleted

C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP1078\A0245406.exe
Infected with: Trojan.Killapp.30208.A

C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP1078\A0245406.exe
Disinfection failed

C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP1078\A0245406.exe
Deleted

C:\WINDOWS\system32\csowp.exe
Infected with: Trojan.Downloader.FFZ

C:\WINDOWS\system32\csowp.exe
Disinfection failed

C:\WINDOWS\system32\csowp.exe
Deleted



and here is the new Logfile of HijackThis v1.99.1


Scan saved at 7:07:03 AM, on 6/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\Smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\HP\KBD\KBD.EXE
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\zstatus.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us8.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [KillAndClean] "C:\Program Files\KillAndClean\KillAndClean.exe"
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PowerReg Scheduler.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{28B81F58-A8C7-400F-BEA1-6EBEB356E517}: NameServer = 85.255.116.78,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{67411ACD-F722-47C1-B76A-8B39717AF81B}: NameServer = 85.255.116.78,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{80833F60-490B-40C9-93E2-C58C93631E8C}: NameServer = 85.255.116.78,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{A7A1E320-6359-4585-B57C-131E49E406B2}: NameServer = 85.255.116.78,85.255.112.227
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~2\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: hpdj - HP - C:\DOCUME~1\Owner\LOCALS~1\Temp\hpdj.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\Smc.exe

  #7 (permalink)  
Old 07-06-2006, 10:44 PM
Neal
Senior Member
 
Join Date: Sep 2005
Posts: 5,524
Neal is a D-A-L Rockstar!
Re: HELP!! My Pc is infected w/ adlogix browser hijacker

Hi,



Create a folder such as C:\HJT or C:\Program Files\HJT and move HJT.exe into the newly created folder so we can have available backups in case you fix the wrong thing or I make a mistake. Very important.


Run hijackthis, click on the scan button, and put checks next to these:


O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{28B81F58-A8C7-400F-BEA1-6EBEB356E517}: NameServer = 85.255.116.78,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{67411ACD-F722-47C1-B76A-8B39717AF81B}: NameServer = 85.255.116.78,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{80833F60-490B-40C9-93E2-C58C93631E8C}: NameServer = 85.255.116.78,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{A7A1E320-6359-4585-B57C-131E49E406B2}: NameServer = 85.255.116.78,85.255.112.227



Make sure nothing is open but hijackthis and click on fix checked.


Now reboot into safe mode by tapping your F8 key upon restart; when the safe mode screen appears, select safe mode and press enter.


Navigate to these files or folders using Windows Explorer (OR Start -> Search) and delete (if present):


DELETE FILES:

ALCXMNTR.EXE


Reboot into normal mode, find the file below, right-click it, select Properties, and post that info, if any.

C:\DOCUME~1\Owner\LOCALS~1\Temp\hpdj.exe
__________________
Stalking and killing Spyware

Have we helped you? Please consider a donation to help keep D-A-L free. Click on donate below



MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis Log __V2.0.2 _|




ASAP: promoting a high standard and quality of security support no matter where you seek help.

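The two kinds of entry singled out in the reply above (static `NameServer` values under O17 and a service binary running from a Temp folder under O23), as a check over a saved HijackThis log. This is an added example, not part of the original thread or of HijackThis; `parse_entries`, `triage` and the expected-resolver list are assumptions.

```python
import re
from ipaddress import ip_address

# Constructed sample: a few lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{28B81F58-A8C7-400F-BEA1-6EBEB356E517}: NameServer = 85.255.116.78,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{67411ACD-F722-47C1-B76A-8B39717AF81B}: NameServer = 85.255.116.78,85.255.112.227
O23 - Service: hpdj - HP - C:\DOCUME~1\Owner\LOCALS~1\Temp\hpdj.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Assumption: the resolvers this machine is supposed to use (placeholder from
# the 192.0.2.0/24 documentation range; substitute the ISP's or router's).
EXPECTED_RESOLVERS = ["192.0.2.53"]

ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Per-interface form only: ...\{GUID}: NameServer = a.b.c.d,e.f.g.h
O17_NS = re.compile(r"\\\{(?P<iface>[0-9A-Fa-f-]{36})\}: NameServer = (?P<servers>.+)$")
TEMP_DIR = re.compile(r"\\temp\\", re.IGNORECASE)


def parse_entries(log_text):
    """Yield (section, body) for every entry line such as 'O17 - ...'."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group("section"), m.group("body")


def triage(log_text, expected_resolvers):
    """Return (section, subject, reason) tuples for entries worth a closer look."""
    expected = {ip_address(a) for a in expected_resolvers}
    findings = []
    for section, body in parse_entries(log_text):
        if section == "O17":
            m = O17_NS.search(body)
            if not m:
                continue  # Domain= entries and other O17 forms are not checked here
            unexpected = []
            for token in re.split(r"[,\s]+", m.group("servers").strip()):
                try:
                    if ip_address(token) not in expected:
                        unexpected.append(token)
                except ValueError:
                    unexpected.append(token + " (not an IP address)")
            if unexpected:
                findings.append(("O17", m.group("iface"),
                                 "unexpected static DNS: " + ",".join(unexpected)))
        elif section == "O23":
            path = body.rsplit(" - ", 1)[-1]  # last field is the binary path
            if TEMP_DIR.search(path):
                findings.append(("O23", path, "service binary in a Temp directory"))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG, EXPECTED_RESOLVERS):
        print(" | ".join(finding))
```

A finding here is a prompt to inspect the entry, as the helper does by asking for the file's properties, not a verdict that it is malicious.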
  #8 (permalink)  
Old 08-06-2006, 07:12 AM
Newbie
D-A-L Newbie
 
Join Date: Jun 2006
Posts: 18
stussyboy99 Is a beginner here at D-A-L
Re: HELP!! My Pc is infected w/ adlogix browser hijacker

Neal,

Excuse my ignorance, but where do I find the hijack this.exe? I have the application as an icon on my desktop, but when I try to move it, it just creates a shortcut to it in the folder I created in the C drive called HJT. I found a hijack this .exe file when I searched, but this was identified as a StuffIt encoded file. Is this what I am looking for?

All the files you have listed do exist when you run a hijack this scan, but it's the first stage that has thrown me.

Can you talk me through it?

Sorry.

stussyboy99
  #9 (permalink)  
Old 08-06-2006, 08:05 AM
Newbie
D-A-L Newbie
 
Join Date: Jun 2006
Posts: 18
stussyboy99 Is a beginner here at D-A-L
Re: HELP!! My Pc is infected w/ adlogix browser hijacker

Also, i/explorer was run tonight (I normally run Firefox) after the above was carried out and weird things happened. Also, I got a warning from my computer that spyware was present. Was running i/explorer a bad thing to do? Do we need to go back and do any of the steps again?
My windows browsers now have unwanted search toolbars that had appeared before, but had disappeared during the course of doing the above actions you had told me to do.

Sorry to be such a newbie.
  #10 (permalink)  
Old 08-06-2006, 06:44 PM
Neal
Senior Member
 
Join Date: Sep 2005
Posts: 5,524
Neal is a D-A-L Rockstar!
Re: HELP!! My Pc is infected w/ adlogix browser hijacker

No problem,


Delete the hijackthis you now have.


Just go to this link here: www.merijn.org/files/hijackthis_sfx.exe


That link will install hijackthis to the proper place automatically; right now it is on the desktop.
All times are GMT +1.