HIJACKTHIS LOG - i really need help PLEASE HELP

Post by iija5onii » December 31st, 2007, 3:18 pm

OK, so I know that I have a keylogger because I play this game and somehow it keeps changing password, and I'm sick of this keylogger and just want to get rid of this keylogger off my computer. Please HELP! :o

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:17:58 AM, on 12/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\valve\steam\steam.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\PREVX\Prevx Home\PXAgent.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKCU\..\Run: [Steam] "c:\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [판도라TV미니] C:\Program Files\PandoraTVMini\MiniUpdate.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Prevx Agent (PrevxAgent) - Prevx Ltd. - C:\Program Files\PREVX\Prevx Home\PXAgent.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

--
End of file - 4246 bytes
iija5onii
Regular Member
 
Posts: 19
Joined: December 31st, 2007, 3:11 pm

Re: HIJACKTHIS LOG - i really need help PLEASE HELP

Post by Katana » January 3rd, 2008, 11:07 pm

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly :D

I apologize for the delay in responding, but as you can probably see the forums are quite busy
and sometimes a post manages to slip by us.
Unfortunately there are far more people needing help than there are helpers.



Download and Run ComboFix
  • Download Combofix from one of the links below :

    ComboFix.exe 1
    ComboFix.exe 2
    ComboFix.exe 3

  • You must download it to and run it from your Desktop
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
  • Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
ComboFix SHOULD NOT be used unless requested by a forum helper
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: HIJACKTHIS LOG - i really need help PLEASE HELP

Post by iija5onii » January 6th, 2008, 4:03 am

Sorry for the late response, I was out of town. I ran the program and this is what I have.

ComboFix 08-01-04.1 - Jason 2008-01-05 23:54:12.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.949.82.1033.18.1071 [GMT -8:00]
Running from: C:\Documents and Settings\Jason\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Common Files\uninstall information
C:\WINDOWS\hosts

.
((((((((((((((((((((((((( Files Created from 2007-12-06 to 2008-01-06 )))))))))))))))))))))))))))))))
.

2008-01-05 23:52 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-20 06:02 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-12-17 20:59 . 2007-12-17 20:59 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-17 18:22 . 2007-12-18 20:04 <DIR> d-------- C:\Documents and Settings\Jason\Application Data\AdwareAlert
2007-12-17 18:17 . 2007-12-17 18:17 <DIR> d-------- C:\Program Files\Anti Keylogger Elite
2007-12-16 23:00 . 2007-12-16 23:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-12-16 22:39 . 2007-12-16 22:39 <DIR> d-------- C:\WINDOWS\Sun
2007-12-15 20:52 . 2007-12-15 20:52 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-12-15 19:43 . 2007-12-15 21:50 784 ---hs---- C:\WINDOWS\system\actualspystart.lnk
2007-12-15 19:16 . 2007-12-15 19:16 88 --a------ C:\WINDOWS\wininit.ini
2007-12-15 18:38 . 2008-01-05 23:48 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-15 13:05 . 2007-12-15 13:05 <DIR> d-------- C:\Documents and Settings\Jason\Application Data\PC Tools
2007-12-15 13:05 . 2007-12-15 14:36 74,240 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-12-15 13:05 . 2007-12-15 14:36 56,832 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-12-15 13:05 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-12-15 13:05 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-12-15 13:01 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-03 11:18 --------- d-----w C:\Program Files\Spyware Doctor
2007-12-27 12:03 --------- d-----w C:\Documents and Settings\Jason\Application Data\LimeWire
2007-12-24 00:25 --------- d-----w C:\Documents and Settings\Jason\Application Data\Aim
2007-12-19 17:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-19 08:03 --------- d-----w C:\Program Files\Peepop
2007-12-16 14:19 --------- d-----w C:\Documents and Settings\Jason\Application Data\Spybot - Search & Destroy
2007-12-14 02:17 --------- d-----w C:\Program Files\World of Warcraft
2007-11-18 00:54 --------- d-----w C:\Program Files\Ventrilo
2007-11-18 00:54 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-17 19:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2006-01-18 04:35 25,672 ----a-w C:\Documents and Settings\Jason\Application Data\GDIPFONTCACHEV1.DAT
2005-12-18 02:42 145,970 --sh--r C:\WINDOWS\04zt.sys
2005-12-18 02:42 247,765 --sh--r C:\WINDOWS\system32\04zt.sys
2005-02-11 05:46 56 --sh--r C:\WINDOWS\system32\34D562D718.sys
2005-12-18 03:01 187,945 --sh--r C:\WINDOWS\system32\enb.exe
2005-12-18 02:44 263,288 --sh--r C:\WINDOWS\system32\jlx.exe
2005-02-11 05:46 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\valve\steam\steam.exe" [2007-12-02 16:58 1266936]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2006-01-24 10:37 7094272]
"AIM"="C:\Program Files\AIM\aim.exe" [2004-04-27 14:18 61440]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 13:22 3739648]
"판도라TV미니"="C:\Program Files\PandoraTVMini\MiniUpdate.exe" [ ]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-12-03 13:21 3461120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"diagent"="C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 01:01 135264]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2007-11-30 13:47 847872]
"MCUpdateExe"="C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe" [2002-09-04 10:28 151552]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-07-15 11:42 4112384]
"nwiz"="nwiz.exe" [2004-07-15 11:42 843776 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-07-15 11:42 81920]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{9C0ADB68-353A-61DD-ED09-1D8003A6D1CB}"= C:\WINDOWS\system32\kbass1p.dll [1998-12-31 16:01 15872]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

R2 AKEProtect;AKEProtect;C:\Program Files\Anti Keylogger Elite\AKEProtect.sys [2006-03-07 22:36]
S2 shpsv;Shop-Guide Updater Service;C:\WINDOWS\system32\svchost.exe [2004-08-03 23:56]
S3 NOWMEMDF;NOWMEMDF;C:\WINDOWS\System32\NOWMEMDF.sys [2005-11-02 03:23]

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2008-01-06 07:54:00 C:\WINDOWS\Tasks\ ().job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.ex
- C:\PROGRA~1\McAfee.com\Agent
"2008-01-06 07:54:00 C:\WINDOWS\Tasks\ (JASON-JXS16R924-Jason).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.ex
- C:\PROGRA~1\McAfee.com\Agent
"2008-01-05 11:00:00 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.ex
- C:\Program Files\AdwareAlert
"2008-01-01 02:45:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-06 05:15:30 C:\WINDOWS\Tasks\McAfee.com Update Check (JASON-JXS16R924-Jason).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.ex
- C:\PROGRA~1\McAfee.com\Agent
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-05 23:57:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.2180]
-> C:\WINDOWS\system32\kbass1p.dll
.
Completion time: 2008-01-05 23:57:40
ComboFix-quarantined-files.txt 2008-01-06 07:57:31


__________________________________________________

and the hijackthis


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:02:50 AM, on 1/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PREVX\Prevx Home\PXAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Steam] "c:\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [판도라TV미니] C:\Program Files\PandoraTVMini\MiniUpdate.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Prevx Agent (PrevxAgent) - Prevx Ltd. - C:\Program Files\PREVX\Prevx Home\PXAgent.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

--
End of file - 3984 bytes
iija5onii
Regular Member
 
Posts: 19
Joined: December 31st, 2007, 3:11 pm

Re: HIJACKTHIS LOG - i really need help PLEASE HELP

Post by Katana » January 6th, 2008, 9:50 am

What Antivirus do you use ?

The following program/s are regarded as either "Rogue", being bundled with "Adware" or having dubious reputations

AdwareAlert << Used to be listed as Rogue
Spy Hunter << Used to be listed as Rogue
I recommend that you remove them via Add/Remove Programs.

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

LimeWire

I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

Also available here.

My recommendation is you go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).
Please note: you must NOT use this whilst we are cleaning your machine.

Submit a File For Analysis
We need to have the files below Scanned by Uploading them/it to Virus Total

Please visit Virustotal
Copy/paste the following file path into the window
C:\WINDOWS\04zt.sys
Click Submit/Send File
Please post back, to let me know the results.

Please do the same for the following files
C:\WINDOWS\system32\enb.exe
C:\WINDOWS\system32\jlx.exe
C:\WINDOWS\System32\NOWMEMDF.sys


If Virustotal is too busy please try Jotti



Download AVG Anti-Spyware
Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.

  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update successful message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.


Run AVG Anti-Spyware
Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Do not automatically generate reports
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT : Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.

Custom CFScript
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    DirLook::
    C:\Program Files\Peepop
    
    File::
    C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job
    C:\WINDOWS\04zt.sys
    C:\WINDOWS\system32\04zt.sys
    C:\WINDOWS\system32\34D562D718.sys
    C:\WINDOWS\system32\enb.exe
    C:\WINDOWS\system32\jlx.exe
    C:\WINDOWS\system\actualspystart.lnk
    C:\WINDOWS\wininit.ini
    C:\WINDOWS\system32\kbass1p.dll
    
    Driver::
    shpsv
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9C0ADB68-353A-61DD-ED09-1D8003A6D1CB}]
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{9C0ADB68-353A-61DD-ED09-1D8003A6D1CB}"=-
    

  • Save this as CFScript.txt and place it on your desktop.


    Image


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester
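
Added example, not part of the original thread and not ComboFix's own code: a Python triage script that parses Find3M report lines from the ComboFix log above, flags files under C:\WINDOWS that carry both the hidden and system attributes, and checks which of them the CFScript's File:: list covers. The attribute heuristic and all function names are assumptions made for illustration, not Katana's stated method; the sample lines are copied from the logs in this thread.

```python
import re
from typing import NamedTuple, Optional

# Find3M report lines copied from the first ComboFix log in this thread (subset).
FIND3M_LOG = r"""
2007-12-14 02:17 --------- d-----w C:\Program Files\World of Warcraft
2007-11-17 19:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2006-01-18 04:35 25,672 ----a-w C:\Documents and Settings\Jason\Application Data\GDIPFONTCACHEV1.DAT
2005-12-18 02:42 145,970 --sh--r C:\WINDOWS\04zt.sys
2005-12-18 02:42 247,765 --sh--r C:\WINDOWS\system32\04zt.sys
2005-02-11 05:46 56 --sh--r C:\WINDOWS\system32\34D562D718.sys
2005-12-18 03:01 187,945 --sh--r C:\WINDOWS\system32\enb.exe
2005-12-18 02:44 263,288 --sh--r C:\WINDOWS\system32\jlx.exe
2005-02-11 05:46 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
"""

# Paths from the File:: section of the CFScript posted in this thread.
CFSCRIPT_FILE_SECTION = r"""
C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job
C:\WINDOWS\04zt.sys
C:\WINDOWS\system32\04zt.sys
C:\WINDOWS\system32\34D562D718.sys
C:\WINDOWS\system32\enb.exe
C:\WINDOWS\system32\jlx.exe
C:\WINDOWS\system\actualspystart.lnk
C:\WINDOWS\wininit.ini
C:\WINDOWS\system32\kbass1p.dll
"""

# One Find3M line: date, time, size (dashes for a directory), 7 attribute flags, path.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size>[\d,]+|-+) (?P<attrs>[-a-z]{7}) (?P<path>[A-Za-z]:\\.+)$"
)


class Entry(NamedTuple):
    modified: str
    size: Optional[int]  # None for directories
    attrs: str
    path: str


def parse_find3m(text):
    """Parse Find3M report lines; lines that do not match the layout are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        raw_size = m["size"]
        size = None if raw_size.startswith("-") else int(raw_size.replace(",", ""))
        entries.append(Entry(f'{m["date"]} {m["time"]}', size, m["attrs"], m["path"]))
    return entries


def hidden_system_files(entries, root=r"C:\WINDOWS"):
    """Files (not directories) under `root` flagged both system (s) and hidden (h)."""
    prefix = root.lower() + "\\"
    return [
        e for e in entries
        if "d" not in e.attrs and "s" in e.attrs and "h" in e.attrs
        and e.path.lower().startswith(prefix)
    ]


def triage(find3m_text, script_text):
    """Split flagged files into those the CFScript lists and those it does not."""
    scripted = {ln.strip().lower() for ln in script_text.splitlines() if ln.strip()}
    flagged = hidden_system_files(parse_find3m(find3m_text))
    return {
        "scripted": [e.path for e in flagged if e.path.lower() in scripted],
        "unscripted": [e.path for e in flagged if e.path.lower() not in scripted],
    }


if __name__ == "__main__":
    result = triage(FIND3M_LOG, CFSCRIPT_FILE_SECTION)
    for path in result["scripted"]:
        print("flagged, listed in CFScript:    ", path)
    for path in result["unscripted"]:
        print("flagged, NOT listed in CFScript:", path)
```

On this thread's data the only flagged file the CFScript leaves alone is C:\WINDOWS\system32\KGyGaAvL.sys, so a flag from this heuristic is a prompt for review rather than a verdict.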

Re: HIJACKTHIS LOG - i really need help PLEASE HELP

Post by iija5onii » January 7th, 2008, 10:08 pm

ComboFix 08-01-04.1 - Jason 2008-01-07 17:58:40.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.949.82.1033.18.1136 [GMT -8:00]
Running from: C:\Documents and Settings\Jason\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jason\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\04zt.sys
C:\WINDOWS\system\actualspystart.lnk
C:\WINDOWS\system32\04zt.sys
C:\WINDOWS\system32\34D562D718.sys
C:\WINDOWS\system32\enb.exe
C:\WINDOWS\system32\jlx.exe
C:\WINDOWS\system32\kbass1p.dll
C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job
C:\WINDOWS\wininit.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system\actualspystart.lnk
C:\WINDOWS\system32\34D562D718.sys
C:\WINDOWS\system32\kbass1p.dll
C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job
C:\WINDOWS\wininit.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_SHPSV
-------\shpsv


((((((((((((((((((((((((( Files Created from 2007-12-08 to 2008-01-08 )))))))))))))))))))))))))))))))
.

2008-01-07 17:22 . 2008-01-07 17:22 <DIR> d-------- C:\Documents and Settings\Jason\Application Data\Grisoft
2008-01-07 17:22 . 2008-01-07 17:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-07 17:22 . 2007-05-30 04:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-05 23:52 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-20 06:02 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-12-17 20:59 . 2007-12-17 20:59 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-17 18:22 . 2007-12-18 20:04 <DIR> d-------- C:\Documents and Settings\Jason\Application Data\AdwareAlert
2007-12-17 18:17 . 2007-12-17 18:17 <DIR> d-------- C:\Program Files\Anti Keylogger Elite
2007-12-16 23:00 . 2007-12-16 23:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-12-16 22:39 . 2007-12-16 22:39 <DIR> d-------- C:\WINDOWS\Sun
2007-12-15 20:52 . 2007-12-15 20:52 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-12-15 18:38 . 2008-01-05 23:48 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-15 13:05 . 2007-12-15 13:05 <DIR> d-------- C:\Documents and Settings\Jason\Application Data\PC Tools
2007-12-15 13:05 . 2007-12-15 14:36 74,240 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-12-15 13:05 . 2007-12-15 14:36 56,832 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-12-15 13:05 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-12-15 13:05 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-12-15 13:01 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-03 11:18 --------- d-----w C:\Program Files\Spyware Doctor
2007-12-27 12:03 --------- d-----w C:\Documents and Settings\Jason\Application Data\LimeWire
2007-12-24 00:25 --------- d-----w C:\Documents and Settings\Jason\Application Data\Aim
2007-12-19 17:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-19 08:03 --------- d-----w C:\Program Files\Peepop
2007-12-16 14:19 --------- d-----w C:\Documents and Settings\Jason\Application Data\Spybot - Search & Destroy
2007-12-14 02:17 --------- d-----w C:\Program Files\World of Warcraft
2007-11-18 00:54 --------- d-----w C:\Program Files\Ventrilo
2007-11-18 00:54 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-17 19:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2006-01-18 04:35 25,672 ----a-w C:\Documents and Settings\Jason\Application Data\GDIPFONTCACHEV1.DAT
2005-02-11 05:46 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Program Files\Peepop ----

2007-12-19 00:03 17408 --a------ C:\Program Files\Peepop\peepop.db2
2007-12-18 22:22 46 --a------ C:\Program Files\Peepop\intro.html
2007-12-18 22:22 0 --a------ C:\Program Files\Peepop\peepop.vip
2007-12-18 22:22 0 --a------ C:\Program Files\Peepop\peepop.blk
2006-09-30 14:24 0 --a------ C:\Program Files\Peepop\peepop2.db
2006-09-29 15:35 217088 --a------ C:\Program Files\Peepop\peepop.db
2005-10-18 13:27 1605632 --a------ C:\Program Files\Peepop\Peepop.exe
2005-05-31 17:12 692224 --a------ C:\Program Files\Peepop\chat.exe
2004-08-06 19:40 327680 --a------ C:\Program Files\Peepop\AutoUpdate.exe
2004-08-06 18:21 28374 --a------ C:\Program Files\Peepop\msg.wav
2004-02-29 05:53 41 --a------ C:\Program Files\Peepop\wwwroot\index.html


((((((((((((((((((((((((((((( snapshot@2008-01-05_23.57.10.87 )))))))))))))))))))))))))))))))))))))))))
.
+ 2000-08-31 16:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\valve\steam\steam.exe" [2007-12-02 16:58 1266936]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2006-01-24 10:37 7094272]
"AIM"="C:\Program Files\AIM\aim.exe" [2004-04-27 14:18 61440]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 13:22 3739648]
"판도라TV미니"="C:\Program Files\PandoraTVMini\MiniUpdate.exe" [ ]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-12-03 13:21 3461120]
"ÆCμμ¶oTV¹I´I"="C:\Program Files\PandoraTVMini\MiniUpdate.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"diagent"="C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 01:01 135264]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2007-11-30 13:47 847872]
"MCUpdateExe"="C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe" [2002-09-04 10:28 151552]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-07-15 11:42 4112384]
"nwiz"="nwiz.exe" [2004-07-15 11:42 843776 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-07-15 11:42 81920]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

R2 AKEProtect;AKEProtect;C:\Program Files\Anti Keylogger Elite\AKEProtect.sys [2006-03-07 22:36]
S3 NOWMEMDF;NOWMEMDF;C:\WINDOWS\System32\NOWMEMDF.sys [2005-11-02 03:23]

*Newly Created Service* - AVGASCLN
.
Contents of the 'Scheduled Tasks' folder
"2008-01-08 02:04:00 C:\WINDOWS\Tasks\ ().job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.ex
- C:\PROGRA~1\McAfee.com\Agent
"2008-01-08 02:04:00 C:\WINDOWS\Tasks\ (JASON-JXS16R924-Jason).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.ex
- C:\PROGRA~1\McAfee.com\Agent
"2008-01-01 02:45:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-08 00:44:07 C:\WINDOWS\Tasks\McAfee.com Update Check (JASON-JXS16R924-Jason).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.ex
- C:\PROGRA~1\McAfee.com\Agent
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-07 18:03:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-07 18:06:11 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-08 02:06:08
ComboFix2.txt 2008-01-06 07:57:40

________________________________



---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:55:52 PM 1/7/2008

+ Scan result:



C:\WINDOWS\system32\007guard.exe/the007installer.exe -> Adware.007Guard : Cleaned with backup (quarantined).
C:\WINDOWS\system32\2searchinstaller.exe/main.exe -> Adware.2Search : Cleaned with backup (quarantined).
C:\Program Files\Trend Micro\HijackThis\backups\backup-20071219-172337-148.dll -> Adware.Minibug : Cleaned with backup (quarantined).
C:\Program Files\Trend Micro\HijackThis\backups\backup-20071219-172335-946.dll -> Adware.Webdir : Cleaned with backup (quarantined).
HKU\S-1-5-21-343818398-1757981266-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA} -> Adware.WebDir : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\installer_MARKETING11.exe -> Downloader.Adload.a : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\installer_MARKETING11.exe -> Downloader.Adload.a : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\installer_MARKETING11.exe -> Downloader.Adload.a : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\installer_MARKETING11.exe -> Downloader.Adload.a : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\installer_VENDARE4.exe -> Downloader.Adload.a : Cleaned with backup (quarantined).
C:\WINDOWS\system32\exactinstaller.exe -> Downloader.Adload.a : Cleaned with backup (quarantined).
C:\WINDOWS\system32\aondndw30103lib.dll -> Downloader.Lastad.h : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ezkdrmaeg05.dll -> Downloader.Lastad.h : Cleaned with backup (quarantined).
C:\Documents and Settings\Jason\My Documents\Unzipped cs hacks 2 ..better!\SI Hook.rar/SI Hook\SI Hook.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\Documents and Settings\Jason\My Documents\Unzipped cs hacks 2 ..better!\hdh.zip/SI Hook.rar/SI Hook\SI Hook.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\Zcvjwc.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\EPXActiveX.ocx -> Dropper.Agent.or : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\EPXActiveX.ocx -> Dropper.Agent.or : Cleaned with backup (quarantined).
C:\WINDOWS\browser.exe -> Hijacker.Small : Cleaned with backup (quarantined).
:mozilla.100:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.101:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.102:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.103:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.104:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.112:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.310:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.481:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.483:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.563:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.88:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.90:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.91:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.92:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.93:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.94:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.98:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.99:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jason\Cookies\jason@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jason\Cookies\jason@awarenesstech.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jason\Cookies\jason@brightcove.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jason\Cookies\jason@nba.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jason\Cookies\jason@viamtvcom.112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jason\Cookies\jason@viamtvnvideo.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.230:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.231:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.232:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Jason\Cookies\jason@4.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Jason\Cookies\jason@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Jason\Cookies\jason@ads.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.64:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.77:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.78:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.79:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.80:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.81:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.121:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.122:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.123:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.124:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.125:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@servedby.advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.34:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Jason\Cookies\jason@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.606:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.607:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.56:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.57:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.58:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.59:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.60:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.61:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.62:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.55:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.375:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.376:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.377:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Jason\Cookies\jason@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.239:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.240:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.241:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.242:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.243:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Jason\Cookies\jason@fortunecity[2].txt -> TrackingCookie.Fortunecity : Cleaned.
:mozilla.653:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.654:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.655:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.382:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.383:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.384:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.447:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.323:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.324:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
C:\Documents and Settings\Jason\Cookies\jason@searchportal.information[1].txt -> TrackingCookie.Information : Cleaned.
:mozilla.53:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Jason\Cookies\jason@auto.search.msn[1].txt -> TrackingCookie.Msn : Cleaned.
:mozilla.300:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.301:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.302:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Jason\Cookies\jason@overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Jason\Cookies\jason@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@paypopup[2].txt -> TrackingCookie.Paypopup : Cleaned.
:mozilla.353:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.354:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.355:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.356:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.357:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.358:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.359:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.360:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.361:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.362:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.363:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Jason\Cookies\jason@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.425:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.426:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Jason\Cookies\jason@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Jason\Cookies\jason@real[2].txt -> TrackingCookie.Real : Cleaned.
:mozilla.233:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.234:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.235:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.236:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.237:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.37:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.38:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.48:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.49:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.50:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.51:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.52:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.70:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\Jason\Cookies\jason@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.508:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.509:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.510:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.334:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.335:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.336:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.337:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.338:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.339:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.340:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Jason\Cookies\jason@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Jason\Cookies\jason@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.341:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
C:\Documents and Settings\Jason\Cookies\jason@smartadserver[1].txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.407:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.408:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.140:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.141:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.142:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.143:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.144:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.145:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.146:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Jason\Cookies\jason@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Jason\Cookies\jason@anat.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Jason\Cookies\jason@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Jason\Cookies\jason@sales.tfag[1].txt -> TrackingCookie.Tfag : Cleaned.
:mozilla.429:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.430:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.431:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.432:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.433:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Jason\Cookies\jason@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.44:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Jason\Cookies\jason@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.570:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.571:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.572:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.573:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.574:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@valuead[2].txt -> TrackingCookie.Valuead : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned.
C:\Documents and Settings\Jason\Cookies\jason@yadro[1].txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.63:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.66:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.67:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.68:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.69:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.65:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.89:C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\WINDOWS\system32\kbass1p.dll -> Trojan.Agent.uz : Cleaned with backup (quarantined).
[1040] C:\WINDOWS\system32\kbass1p.dll -> Trojan.Agent.uz : Cleaned with backup (quarantined).
[1928] C:\WINDOWS\system32\kbass1p.dll -> Trojan.Agent.uz : Cleaned with backup (quarantined).
[2080] C:\WINDOWS\system32\kbass1p.dll -> Trojan.Agent.uz : Cleaned with backup (quarantined).
[2152] C:\WINDOWS\system32\kbass1p.dll -> Trojan.Agent.uz : Cleaned with backup (quarantined).
[2600] C:\WINDOWS\system32\kbass1p.dll -> Trojan.Agent.uz : Cleaned with backup (quarantined).
[3384] C:\WINDOWS\system32\kbass1p.dll -> Trojan.Agent.uz : Cleaned with backup (quarantined).
[3572] C:\WINDOWS\system32\kbass1p.dll -> Trojan.Agent.uz : Cleaned with backup (quarantined).
[3684] C:\WINDOWS\system32\kbass1p.dll -> Trojan.Agent.uz : Cleaned with backup (quarantined).
[984] C:\WINDOWS\system32\kbass1p.dll -> Trojan.Agent.uz : Cleaned with backup (quarantined).
C:\WINDOWS\system32\0g09avx.dll -> Trojan.Kolweb.f : Cleaned with backup (quarantined).
C:\WINDOWS\system32\tew1lg2.dll -> Trojan.Kolweb.f : Cleaned with backup (quarantined).
C:\WINDOWS\04zt.sys -> Trojan.Kolweb.g : Cleaned with backup (quarantined).
C:\WINDOWS\system32\04zt.sys -> Trojan.Kolweb.g : Cleaned with backup (quarantined).
C:\WINDOWS\system32\enb.exe -> Trojan.Kolweb.g : Cleaned with backup (quarantined).
C:\WINDOWS\system32\jlx.exe -> Trojan.Kolweb.g : Cleaned with backup (quarantined).
C:\Documents and Settings\Jason\My Documents\Unzipped\MPHDowngrader\PSP\PHOTO\overflow.tif -> Trojan.PSPBrick : Cleaned with backup (quarantined).
C:\Documents and Settings\Jason\My Documents\psp hacks\MPHDowngrader.zip/PSP/PHOTO/overflow.tif -> Trojan.PSPBrick : Cleaned with backup (quarantined).
C:\Documents and Settings\Jason\My Documents\Unzipped cs hacks 2 ..better!\GDCS_1[1].3 another copy.rar/GDCS.exe -> Worm.Mytob.bt : Cleaned with backup (quarantined).


::Report end

_____________________________________


File 04zt.sys received on 01.08.2008 01:52:50 (CET)
Current status: finished
Result: 27/32 (84.38%)

Antivirus Version Last Update Result
AhnLab-V3 2008.1.8.10 2008.01.07 Win-Trojan/Kolweb.160384
AntiVir 7.6.0.46 2008.01.07 TR/Kolweb.G.6
Authentium 4.93.8 2008.01.07 W32/Trojan.BENV
Avast 4.7.1098.0 2008.01.07 Win32:Trojan-gen {Other}
AVG 7.5.0.516 2008.01.07 Generic.NBY
BitDefender 7.2 2008.01.08 Trojan.Kolweb.G
CAT-QuickHeal 9.00 2008.01.07 (Suspicious) - DNAScan
ClamAV 0.91.2 2008.01.08 Trojan.W32.Kolweb-2
DrWeb 4.44.0.09170 2008.01.07 Trojan.Kolweb
eSafe 7.0.15.0 2008.01.06 Suspicious File
eTrust-Vet 31.3.5440 2008.01.07 -
Ewido 4.0 2008.01.07 Trojan.Kolweb.g
FileAdvisor 1 2008.01.08 -
Fortinet 3.14.0.0 2008.01.07 -
F-Prot 4.4.2.54 2008.01.07 W32/Trojan.BENV
F-Secure 6.70.13030.0 2008.01.08 Trojan.Win32.Kolweb.g
Ikarus T3.1.1.15 2008.01.08 Trojan.Win32.Kolweb.G
Kaspersky 7.0.0.125 2008.01.08 Trojan.Win32.Kolweb.g
McAfee 5201 2008.01.07 potentially unwanted program Adware-Adtomi
Microsoft 1.3109 2008.01.08 Adware:Win32/Adtomi.B
NOD32v2 2772 2008.01.07 a variant of Win32/Kolweb
Norman 5.80.02 2008.01.07 W32/Kolweb.Z
Panda 9.0.0.4 2008.01.07 Adware/Adtomi
Prevx1 V2 2008.01.08 Heuristic: Suspicious Self Modifying EXE
Rising 20.26.02.00 2008.01.07 -
Sophos 4.24.0 2008.01.07 -
Sunbelt 2.2.907.0 2008.01.08 VIPRE.Suspicious
Symantec 10 2008.01.08 Adware.Margoc
TheHacker 6.2.9.183 2008.01.07 Trojan/Kolweb.g
VBA32 3.12.2.5 2008.01.07 Trojan.Win32.Kolweb.g
VirusBuster 4.3.26:9 2008.01.07 Trojan.Kolweb.AD
Webwasher-Gateway 6.6.2 2008.01.07 Trojan.Kolweb.G.6
Additional information
File size: 145970 bytes
MD5: 9fb59d07d5a302f81c72c9b673c28e2f
SHA1: 87e8296ad5e597397a11d126f6c1450109871214
PEiD: PECompact 2.xx --> BitSum Technologies
packers: PE_Patch.PECompact, PecBundle, PECompact
Prevx info: http://info.prevx.com/aboutprogramtext. ... 00E5DCF6B4
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.


File enb.exe received on 01.08.2008 02:03:22 (CET)
Current status: finished
Result: 20/32 (62.5%)

Antivirus Version Last Update Result
AhnLab-V3 2008.1.8.10 2008.01.07 -
AntiVir 7.6.0.46 2008.01.07 -
Authentium 4.93.8 2008.01.07 W32/Trojan.IYO
Avast 4.7.1098.0 2008.01.07 Win32:Kolweb-E
AVG 7.5.0.516 2008.01.07 Generic.YQA
BitDefender 7.2 2008.01.08 Trojan.Kolweb.H
CAT-QuickHeal 9.00 2008.01.07 Trojan.Kolweb.g
ClamAV 0.91.2 2008.01.08 -
DrWeb 4.44.0.09170 2008.01.07 Trojan.Kolweb
eSafe 7.0.15.0 2008.01.06 -
eTrust-Vet 31.3.5440 2008.01.07 Win32/Startpage.UQ
Ewido 4.0 2008.01.07 Trojan.Kolweb.g
FileAdvisor 1 2008.01.08 -
Fortinet 3.14.0.0 2008.01.07 -
F-Prot 4.4.2.54 2008.01.07 W32/Trojan.IYO
F-Secure 6.70.13030.0 2008.01.08 Trojan.Win32.Kolweb.g
Ikarus T3.1.1.15 2008.01.08 Trojan.Win32.Kolweb.F
Kaspersky 7.0.0.125 2008.01.08 Trojan.Win32.Kolweb.g
McAfee 5201 2008.01.07 potentially unwanted program Adware-Adtomi
Microsoft 1.3109 2008.01.08 Adware:Win32/Adtomi.B
NOD32v2 2772 2008.01.07 Win32/Kolweb.I
Norman 5.80.02 2008.01.07 -
Panda 9.0.0.4 2008.01.07 Suspicious file
Prevx1 V2 2008.01.08 -
Rising 20.26.02.00 2008.01.07 -
Sophos 4.24.0 2008.01.07 -
Sunbelt 2.2.907.0 2008.01.08 -
Symantec 10 2008.01.08 Trojan Horse
TheHacker 6.2.9.183 2008.01.07 Trojan/Kolweb.g
VBA32 3.12.2.5 2008.01.07 Trojan.Win32.Kolweb.g
VirusBuster 4.3.26:9 2008.01.07 Trojan.Kolweb.Q
Webwasher-Gateway 6.6.2 2008.01.07 -
Additional information
File size: 187945 bytes
MD5: de4e6e8160116c149a1d7ba39a5e924d
SHA1: 6518eb3d6e1a7c1f62d4fbe88a659edc6931ecf8
PEiD: BobSoft Mini Delphi -> BoB / BobSoft

File jlx.exe received on 01.08.2008 02:07:29 (CET)
Current status: finished
Result: 21/32 (65.63%)

Antivirus Version Last Update Result
AhnLab-V3 2008.1.8.10 2008.01.07 -
AntiVir 7.6.0.46 2008.01.07 -
Authentium 4.93.8 2008.01.07 W32/Trojan.AZHO
Avast 4.7.1098.0 2008.01.07 Win32:Kolweb-E
AVG 7.5.0.516 2008.01.07 Generic.DUM
BitDefender 7.2 2008.01.08 Trojan.Kolweb.G
CAT-QuickHeal 9.00 2008.01.07 -
ClamAV 0.91.2 2008.01.08 -
DrWeb 4.44.0.09170 2008.01.07 Trojan.Click.767
eSafe 7.0.15.0 2008.01.06 -
eTrust-Vet 31.3.5440 2008.01.07 Win32/Startpage.UP
Ewido 4.0 2008.01.07 Trojan.Kolweb.g
FileAdvisor 1 2008.01.08 -
Fortinet 3.14.0.0 2008.01.07 -
F-Prot 4.4.2.54 2008.01.07 W32/Trojan.AZHO
F-Secure 6.70.13030.0 2008.01.08 Trojan.Win32.Kolweb.g
Ikarus T3.1.1.15 2008.01.08 Trojan.Win32.Kolweb.F
Kaspersky 7.0.0.125 2008.01.08 Trojan.Win32.Kolweb.g
McAfee 5201 2008.01.07 potentially unwanted program Adware-Adtomi
Microsoft 1.3109 2008.01.08 Adware:Win32/Adtomi.B
NOD32v2 2772 2008.01.07 Win32/Kolweb.G
Norman 5.80.02 2008.01.07 W32/Kolweb.G
Panda 9.0.0.4 2008.01.07 Suspicious file
Prevx1 V2 2008.01.08 -
Rising 20.26.02.00 2008.01.07 Trojan.KolWeb.be
Sophos 4.24.0 2008.01.07 -
Sunbelt 2.2.907.0 2008.01.08 -
Symantec 10 2008.01.08 Adware.Margoc
TheHacker 6.2.9.183 2008.01.07 Trojan/Kolweb.g
VBA32 3.12.2.5 2008.01.07 Trojan.Win32.Kolweb.g
VirusBuster 4.3.26:9 2008.01.07 Trojan.Kolweb.N
Webwasher-Gateway 6.6.2 2008.01.07 -
Additional information
File size: 263288 bytes
MD5: 55ed636fa259b5044c05bdd2aab281bd
SHA1: c4f2f122b2be78d72f7c097fea343ce9be449198
PEiD: BobSoft Mini Delphi -> BoB / BobSoft

File NOWMEMDF.sys received on 01.08.2008 02:14:09 (CET)
Current status: finished
Result: 0/32 (0%)

Antivirus Version Last Update Result
AhnLab-V3 2008.1.8.10 2008.01.07 -
AntiVir 7.6.0.46 2008.01.07 -
Authentium 4.93.8 2008.01.07 -
Avast 4.7.1098.0 2008.01.07 -
AVG 7.5.0.516 2008.01.07 -
BitDefender 7.2 2008.01.08 -
CAT-QuickHeal 9.00 2008.01.07 -
ClamAV 0.91.2 2008.01.08 -
DrWeb 4.44.0.09170 2008.01.07 -
eSafe 7.0.15.0 2008.01.06 -
eTrust-Vet 31.3.5440 2008.01.07 -
Ewido 4.0 2008.01.07 -
FileAdvisor 1 2008.01.08 -
Fortinet 3.14.0.0 2008.01.07 -
F-Prot 4.4.2.54 2008.01.07 -
F-Secure 6.70.13030.0 2008.01.08 -
Ikarus T3.1.1.15 2008.01.08 -
Kaspersky 7.0.0.125 2008.01.08 -
McAfee 5201 2008.01.07 -
Microsoft 1.3109 2008.01.08 -
NOD32v2 2772 2008.01.07 -
Norman 5.80.02 2008.01.07 -
Panda 9.0.0.4 2008.01.07 -
Prevx1 V2 2008.01.08 -
Rising 20.26.02.00 2008.01.07 -
Sophos 4.24.0 2008.01.07 -
Sunbelt 2.2.907.0 2008.01.08 -
Symantec 10 2008.01.08 -
TheHacker 6.2.9.183 2008.01.07 -
VBA32 3.12.2.5 2008.01.07 -
VirusBuster 4.3.26:9 2008.01.07 -
Webwasher-Gateway 6.6.2 2008.01.07 -
Additional information
File size: 14464 bytes
MD5: 22eddbd0b31562a7633c370013471774
SHA1: 186672bbcd2a1bb0883eda1f3e46ada9062ebf4d
PEiD: -
iija5onii
Regular Member
 
Posts: 19
Joined: December 31st, 2007, 3:11 pm

Re: HIJACKTHIS LOG - i really need help PLEASE HELP

Unread postby Katana » January 7th, 2008, 10:46 pm

That looks a bit better :) How are things running now?




Kaspersky Online Scanner
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal.
Go here: http://www.kaspersky.com/kos/eng/partne ... bscan.html

Read the Requirements and limitations before you click Accept.
Allow the ActiveX download if necessary
Once the database has downloaded, click Next.
Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
Click on "My Computer" and then put the kettle on!
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: HIJACKTHIS LOG - i really need help PLEASE HELP

Unread postby iija5onii » January 7th, 2008, 11:02 pm

I have no idea, I can't tell if the keylogger is still running on my comp. Should I download Kaspersky Online Scanner?
iija5onii
Regular Member
 
Posts: 19
Joined: December 31st, 2007, 3:11 pm

Re: HIJACKTHIS LOG - i really need help PLEASE HELP

Unread postby Katana » January 7th, 2008, 11:13 pm

iija5onii wrote: should i download Kaspersky Online Scanner?


Yes please
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: HIJACKTHIS LOG - i really need help PLEASE HELP

Unread postby iija5onii » January 8th, 2008, 9:44 pm

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, January 08, 2008 5:43:19 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 8/01/2008
Kaspersky Anti-Virus database records: 504310
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 57498
Number of viruses found: 12
Number of infected objects: 29
Number of suspicious objects: 0
Duration of the scan process: 00:48:24

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Jason\Application Data\Aim\IIJA5ONII\cert8.db Object is locked skipped
C:\Documents and Settings\Jason\Application Data\Aim\IIJA5ONII\key3.db Object is locked skipped
C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\cert8.db Object is locked skipped
C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\history.dat Object is locked skipped
C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\key3.db Object is locked skipped
C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\parent.lock Object is locked skipped
C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Jason\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Jason\Desktop\Azureus_2.3.0.4_Win32.setup.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Webdir.b skipped
C:\Documents and Settings\Jason\Desktop\Azureus_2.3.0.4_Win32.setup.exe/stream Infected: not-a-virus:AdWare.Win32.Webdir.b skipped
C:\Documents and Settings\Jason\Desktop\Azureus_2.3.0.4_Win32.setup.exe NSIS: infected - 2 skipped
C:\Documents and Settings\Jason\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Application Data\Mozilla\Firefox\Profiles\ldol7pg0.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Temp\Perflib_Perfdata_5cc.dat Object is locked skipped
C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jason\My Documents\Unzipped\aefdisk32v11\aefdisk32.exe Infected: not-a-virus:RiskTool.Win32.Aefdisk32.11 skipped
C:\Documents and Settings\Jason\ntuser.dat Object is locked skipped
C:\Documents and Settings\Jason\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\PREVX\Prevx Home\lclbrk.cache Object is locked skipped
C:\Program Files\PREVX\Prevx Home\paws.cache Object is locked skipped
C:\Program Files\PREVX\Prevx Home\prevx.cache Object is locked skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20071219-172335-917.dll Infected: not-a-virus:AdWare.Win32.BHO.px skipped
C:\Program Files\Windows Media Player\wmplayer.exe.tmp Infected: Trojan-Downloader.Win32.Small.bem skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\kbass1p.dll.vir Infected: Trojan-PSW.Win32.Agent.uz skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP18\A0007492.exe Infected: not-a-virus:AdWare.Win32.DealHelper.ag skipped
C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP18\A0007493.sys Infected: Trojan.Win32.Kolweb.g skipped
C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP18\A0007494.sys Infected: Trojan.Win32.Kolweb.g skipped
C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP18\A0007495.exe Infected: Trojan.Win32.Kolweb.g skipped
C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP18\A0007496.exe Infected: Trojan.Win32.Kolweb.g skipped
C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP18\A0007498.exe Infected: Trojan-Downloader.Win32.Adload.a skipped
C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP18\A0007499.dll Infected: Trojan.Win32.Kolweb.f skipped
C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP18\A0007500.dll Infected: Trojan.Win32.Kolweb.f skipped
C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP18\A0007501.dll Infected: Trojan-Downloader.Win32.Lastad.h skipped
C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP18\A0007502.dll Infected: Trojan-Downloader.Win32.Lastad.h skipped
C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP18\A0007503.dll Infected: not-a-virus:AdWare.Win32.Webdir.b skipped
C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP18\A0007505.exe/data.rar/the007installer.exe Infected: not-a-virus:AdWare.Win32.007Guard.a skipped
C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP18\A0007505.exe/data.rar/the007guard.ocx Infected: not-a-virus:AdWare.Win32.007Guard.a skipped
C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP18\A0007505.exe/data.rar Infected: not-a-virus:AdWare.Win32.007Guard.a skipped
C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP18\A0007505.exe RarSFX: infected - 3 skipped
C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP18\A0007506.exe/data.rar/main.exe Infected: not-a-virus:AdWare.Win32.2Search.c skipped
C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP18\A0007506.exe/data.rar/uninstall.exe Infected: not-a-virus:AdWare.Win32.2Search.c skipped
C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP18\A0007506.exe/data.rar/get.exe Infected: not-a-virus:AdWare.Win32.2Search.c skipped
C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP18\A0007506.exe/data.rar/2search.dll Infected: not-a-virus:AdWare.Win32.2Search.c skipped
C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP18\A0007506.exe/data.rar Infected: not-a-virus:AdWare.Win32.2Search.c skipped
C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP18\A0007506.exe RarSFX: infected - 5 skipped
C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP19\A0007515.dll Infected: Trojan-PSW.Win32.Agent.uz skipped
C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP19\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
iija5onii
Regular Member
 
Posts: 19
Joined: December 31st, 2007, 3:11 pm
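An added example, not part of the thread: a small parser for a Kaspersky Online Scanner report of the shape posted above. It sets aside the "Object is locked" lines (files the scanner could not open, not detections), folds archive members into their container file, and groups detections by whether the file sits in a System Restore point, in ComboFix's Qoobox quarantine, or elsewhere on disk. The sample lines are copied from the report above; the function names and location labels are my own.

```python
import re
from collections import defaultdict

# Lines copied from the report posted above (a subset, so the example runs offline).
SAMPLE_REPORT = r"""
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Jason\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Jason\Desktop\Azureus_2.3.0.4_Win32.setup.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Webdir.b skipped
C:\Documents and Settings\Jason\Desktop\Azureus_2.3.0.4_Win32.setup.exe/stream Infected: not-a-virus:AdWare.Win32.Webdir.b skipped
C:\Documents and Settings\Jason\Desktop\Azureus_2.3.0.4_Win32.setup.exe NSIS: infected - 2 skipped
C:\Documents and Settings\Jason\My Documents\Unzipped\aefdisk32v11\aefdisk32.exe Infected: not-a-virus:RiskTool.Win32.Aefdisk32.11 skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20071219-172335-917.dll Infected: not-a-virus:AdWare.Win32.BHO.px skipped
C:\Program Files\Windows Media Player\wmplayer.exe.tmp Infected: Trojan-Downloader.Win32.Small.bem skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\kbass1p.dll.vir Infected: Trojan-PSW.Win32.Agent.uz skipped
C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP18\A0007493.sys Infected: Trojan.Win32.Kolweb.g skipped
C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP18\A0007506.exe/data.rar/main.exe Infected: not-a-virus:AdWare.Win32.2Search.c skipped
C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP18\A0007506.exe RarSFX: infected - 5 skipped
C:\System Volume Information\_restore{07E6FB98-D129-4606-BC5E-95E704415D3D}\RP19\A0007515.dll Infected: Trojan-PSW.Win32.Agent.uz skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
"""

# One report line is "<object> <status> <last action>". Paths contain spaces,
# so the object is matched lazily and the split is anchored on the status text.
LINE_RE = re.compile(
    r"^(?P<obj>.+?) "
    r"(?:(?P<locked>Object is locked)"
    r"|Infected: (?P<name>\S+)"
    r"|(?P<kind>\w+): infected - (?P<count>\d+)) "
    r"(?P<action>\w+)$"
)


def location(path):
    """Label where a detected file lives (labels are this example's own)."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "system-restore"        # copy kept inside a System Restore point
    if "\\qoobox\\quarantine\\" in p:
        return "combofix-quarantine"   # file already moved aside by ComboFix
    return "on-disk"


def triage(report):
    """Return (findings, locked_count, unparsed_lines).

    findings maps location -> {file path -> sorted detection names}.
    """
    found = defaultdict(lambda: defaultdict(set))
    locked = 0
    unparsed = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            unparsed.append(line)      # headers, statistics, anything else
            continue
        if m["locked"]:
            locked += 1                # file in use by the running system
            continue
        # Archive members look like "<file>/<inner>/<inner>": keep the file.
        container = m["obj"].split("/", 1)[0]
        names = found[location(container)][container]
        if m["name"]:
            names.add(m["name"])
        # "<Type>: infected - N" summary lines carry no name of their own.
    findings = {
        loc: {path: sorted(names) for path, names in files.items()}
        for loc, files in found.items()
    }
    return findings, locked, unparsed


if __name__ == "__main__":
    findings, locked, unparsed = triage(SAMPLE_REPORT)
    print(f"locked (not detections): {locked}, unparsed lines: {len(unparsed)}")
    for loc in ("on-disk", "combofix-quarantine", "system-restore"):
        for path, names in findings.get(loc, {}).items():
            print(f"[{loc}] {path}: {', '.join(names)}")
```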

Re: HIJACKTHIS LOG - i really need help PLEASE HELP

Unread postby Katana » January 8th, 2008, 11:05 pm

katana wrote: What Antivirus do you use?

The following program/s are regarded as either "Rogue", being bundled with "Adware" or having dubious reputations

AdwareAlert << Used to be listed as Rogue
Spy Hunter << Used to be listed as Rogue
I recommend that you remove them via Add/Remove Programs


Did you remove these programs?
What Antivirus do you use?

Custom CFScript
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    File::
    C:\Documents and Settings\Jason\Desktop\Azureus_2.3.0.4_Win32.setup.exe
    C:\Program Files\Trend Micro\HijackThis\backups\backup-20071219-172335-917.dll
    C:\Program Files\Windows Media Player\wmplayer.exe.tmp
    Folder::
    Driver::
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "???TV??"=-
    "’CææôoTVûIïI"=-
    

  • Save this as CFScript.txt and place it on your desktop.


    Image


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: HIJACKTHIS LOG - i really need help PLEASE HELP

Unread postby iija5onii » January 9th, 2008, 12:19 am

AdwareAlert << Used to be listed as Rogue
Spy Hunter << Used to be listed as Rogue
I recommend that you remove Via Add/Remove Programs


I can't remove it with Add/Remove Programs and I'm not using any anti-virus.


ComboFix 08-01-04.1 - Jason 2008-01-08 19:15:47.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.949.82.1033.18.521 [GMT -8:00]
Running from: C:\Documents and Settings\Jason\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jason\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\Documents and Settings\Jason\Desktop\Azureus_2.3.0.4_Win32.setup.exe
C:\Program Files\Trend Micro\HijackThis\backups\backup-20071219-172335-917.dll
C:\Program Files\Windows Media Player\wmplayer.exe.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Jason\Desktop\Azureus_2.3.0.4_Win32.setup.exe
C:\Program Files\Trend Micro\HijackThis\backups\backup-20071219-172335-917.dll
C:\Program Files\Windows Media Player\wmplayer.exe.tmp

.
((((((((((((((((((((((((( Files Created from 2007-12-09 to 2008-01-09 )))))))))))))))))))))))))))))))
.

2008-01-08 10:12 . 2008-01-08 10:12 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-08 10:12 . 2008-01-08 10:12 <DIR> d-------- C:\WINDOWS\LastGood
2008-01-08 10:12 . 2008-01-08 10:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-07 17:22 . 2008-01-07 17:22 <DIR> d-------- C:\Documents and Settings\Jason\Application Data\Grisoft
2008-01-07 17:22 . 2008-01-07 17:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-07 17:22 . 2007-05-30 04:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-05 23:52 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-20 06:02 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-12-17 20:59 . 2007-12-17 20:59 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-17 18:22 . 2007-12-18 20:04 <DIR> d-------- C:\Documents and Settings\Jason\Application Data\AdwareAlert
2007-12-17 18:17 . 2007-12-17 18:17 <DIR> d-------- C:\Program Files\Anti Keylogger Elite
2007-12-16 23:00 . 2007-12-16 23:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-12-16 22:39 . 2007-12-16 22:39 <DIR> d-------- C:\WINDOWS\Sun
2007-12-15 20:52 . 2007-12-15 20:52 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-12-15 18:38 . 2008-01-05 23:48 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-15 13:05 . 2007-12-15 13:05 <DIR> d-------- C:\Documents and Settings\Jason\Application Data\PC Tools
2007-12-15 13:05 . 2007-12-15 14:36 74,240 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-12-15 13:05 . 2007-12-15 14:36 56,832 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-12-15 13:05 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-12-15 13:05 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-12-15 13:01 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-08 18:05 --------- d-----w C:\Program Files\World of Warcraft
2008-01-03 11:18 --------- d-----w C:\Program Files\Spyware Doctor
2007-12-27 12:03 --------- d-----w C:\Documents and Settings\Jason\Application Data\LimeWire
2007-12-24 00:25 --------- d-----w C:\Documents and Settings\Jason\Application Data\Aim
2007-12-19 17:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-19 08:03 --------- d-----w C:\Program Files\Peepop
2007-12-16 14:19 --------- d-----w C:\Documents and Settings\Jason\Application Data\Spybot - Search & Destroy
2007-11-18 00:54 --------- d-----w C:\Program Files\Ventrilo
2007-11-18 00:54 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-17 19:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2006-01-18 04:35 25,672 ----a-w C:\Documents and Settings\Jason\Application Data\GDIPFONTCACHEV1.DAT
2005-02-11 05:46 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-01-05_23.57.10.87 )))))))))))))))))))))))))))))))))))))))))
.
+ 2000-08-31 16:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2005-05-24 20:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 23:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 23:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\valve\steam\steam.exe" [2007-12-02 16:58 1266936]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2006-01-24 10:37 7094272]
"AIM"="C:\Program Files\AIM\aim.exe" [2004-04-27 14:18 61440]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 13:22 3739648]
"판도라TV미니"="C:\Program Files\PandoraTVMini\MiniUpdate.exe" [ ]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-12-03 13:21 3461120]
"ÆCμμ¶oTV¹I´I"="C:\Program Files\PandoraTVMini\MiniUpdate.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"diagent"="C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 01:01 135264]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2007-11-30 13:47 847872]
"MCUpdateExe"="C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe" [2002-09-04 10:28 151552]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-07-15 11:42 4112384]
"nwiz"="nwiz.exe" [2004-07-15 11:42 843776 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-07-15 11:42 81920]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

R2 AKEProtect;AKEProtect;C:\Program Files\Anti Keylogger Elite\AKEProtect.sys [2006-03-07 22:36]
S3 NOWMEMDF;NOWMEMDF;C:\WINDOWS\System32\NOWMEMDF.sys [2005-11-02 03:23]

*Newly Created Service* - AVGASCLN
.
Contents of the 'Scheduled Tasks' folder
"2008-01-09 03:14:00 C:\WINDOWS\Tasks\ ().job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.ex
- C:\PROGRA~1\McAfee.com\Agent
"2008-01-09 03:14:00 C:\WINDOWS\Tasks\ (JASON-JXS16R924-Jason).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.ex
- C:\PROGRA~1\McAfee.com\Agent
"2008-01-08 02:45:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-09 01:43:00 C:\WINDOWS\Tasks\McAfee.com Update Check (JASON-JXS16R924-Jason).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.ex
- C:\PROGRA~1\McAfee.com\Agent
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-08 19:18:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-08 19:19:16
ComboFix-quarantined-files.txt 2008-01-09 03:19:01
ComboFix2.txt 2008-01-08 02:06:11
ComboFix3.txt 2008-01-06 07:57:40
iija5onii
Regular Member
 
Posts: 19
Joined: December 31st, 2007, 3:11 pm

Re: HIJACKTHIS LOG - i really need help PLEASE HELP

Unread postby Katana » January 9th, 2008, 8:59 am

Did you use to have McAfee installed?
If it is out of date, and you are not going to renew, then I recommend that you remove it.

No Antivirus
I can see no indication of any Antivirus software.

Use an AntiVirus Software - It is very important that you have anti-virus software running on your machine.
This alone can save you a lot of trouble with malware in the future.
Free AV list
AVG Free
Avira AntiVir
Avast

Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week.
If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

Antivirus is a MUST


Custom CFScript
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Folder::
    C:\Documents and Settings\Jason\Application Data\AdwareAlert
    C:\Program Files\Enigma Software Group
    Driver::
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "???TV??"=-
    "ÆC??¶oTV¹I´I"=-
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpyHunter Security Suite"=-
    "MCUpdateExe"=-
    

  • Save this as CFScript.txt and place it on your desktop.


    Image


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: HIJACKTHIS LOG - i really need help PLEASE HELP

Unread postby iija5onii » January 11th, 2008, 12:19 am

ComboFix 08-01-04.1 - Jason 2008-01-10 1:51:48.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.949.82.1033.18.1114 [GMT -8:00]
Running from: C:\Documents and Settings\Jason\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jason\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Jason\Application Data\AdwareAlert
C:\Documents and Settings\Jason\Application Data\AdwareAlert\Log\2007 Dec 18 - 08_03_45 PM_968.log
C:\Documents and Settings\Jason\Application Data\AdwareAlert\Log\2007 Dec 18 - 08_04_26 PM_515.log
C:\Documents and Settings\Jason\Application Data\AdwareAlert\rs.dat
C:\Program Files\Enigma Software Group
C:\Program Files\Enigma Software Group\SpyHunter\ActiveKill.dll
C:\Program Files\Enigma Software Group\SpyHunter\ActiveXKill.dll
C:\Program Files\Enigma Software Group\SpyHunter\AXList.txt
C:\Program Files\Enigma Software Group\SpyHunter\br.exe
C:\Program Files\Enigma Software Group\SpyHunter\Common.dll
C:\Program Files\Enigma Software Group\SpyHunter\def.dat
C:\Program Files\Enigma Software Group\SpyHunter\EnigmaUpdater.dll
C:\Program Files\Enigma Software Group\SpyHunter\exc.dat
C:\Program Files\Enigma Software Group\SpyHunter\HelpDesk.dll
C:\Program Files\Enigma Software Group\SpyHunter\HFMonitor.dll
C:\Program Files\Enigma Software Group\SpyHunter\INSTALL.LOG
C:\Program Files\Enigma Software Group\SpyHunter\install.sss
C:\Program Files\Enigma Software Group\SpyHunter\Language.dll
C:\Program Files\Enigma Software Group\SpyHunter\NetworkSentry.dll
C:\Program Files\Enigma Software Group\SpyHunter\Options.dll
C:\Program Files\Enigma Software Group\SpyHunter\pgdata.dat
C:\Program Files\Enigma Software Group\SpyHunter\ProcessGuard.dll
C:\Program Files\Enigma Software Group\SpyHunter\RegistryGuard.dll
C:\Program Files\Enigma Software Group\SpyHunter\rgdata.dat
C:\Program Files\Enigma Software Group\SpyHunter\Scanner.dll
C:\Program Files\Enigma Software Group\SpyHunter\Scheduler.dll
C:\Program Files\Enigma Software Group\SpyHunter\SHDS.mht
C:\Program Files\Enigma Software Group\SpyHunter\spyhunter.log
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.chm
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.skn
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
C:\Program Files\Enigma Software Group\SpyHunter\support.log
C:\Program Files\Enigma Software Group\SpyHunter\Uninstall.exe
C:\Program Files\Enigma Software Group\SpyHunter\Updater.dll
C:\Program Files\Enigma Software Group\SpyHunter\whitelist.dat
C:\Program Files\Enigma Software Group\SpyHunter\WSAMonitor.dll

.
((((((((((((((((((((((((( Files Created from 2007-12-10 to 2008-01-10 )))))))))))))))))))))))))))))))
.

2008-01-08 10:12 . 2008-01-08 10:12 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-08 10:12 . 2008-01-08 10:12 <DIR> d-------- C:\WINDOWS\LastGood
2008-01-08 10:12 . 2008-01-08 10:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-07 17:22 . 2008-01-07 17:22 <DIR> d-------- C:\Documents and Settings\Jason\Application Data\Grisoft
2008-01-07 17:22 . 2008-01-07 17:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-07 17:22 . 2007-05-30 04:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-05 23:52 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-20 06:02 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-12-17 20:59 . 2007-12-17 20:59 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-17 18:17 . 2007-12-17 18:17 <DIR> d-------- C:\Program Files\Anti Keylogger Elite
2007-12-16 23:00 . 2007-12-16 23:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-12-16 22:39 . 2007-12-16 22:39 <DIR> d-------- C:\WINDOWS\Sun
2007-12-15 18:38 . 2008-01-05 23:48 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-15 13:05 . 2007-12-15 13:05 <DIR> d-------- C:\Documents and Settings\Jason\Application Data\PC Tools
2007-12-15 13:05 . 2007-12-15 14:36 74,240 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-12-15 13:05 . 2007-12-15 14:36 56,832 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-12-15 13:05 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-12-15 13:05 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-12-15 13:01 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-08 18:05 --------- d-----w C:\Program Files\World of Warcraft
2008-01-03 11:18 --------- d-----w C:\Program Files\Spyware Doctor
2007-12-27 12:03 --------- d-----w C:\Documents and Settings\Jason\Application Data\LimeWire
2007-12-24 00:25 --------- d-----w C:\Documents and Settings\Jason\Application Data\Aim
2007-12-19 17:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-19 08:03 --------- d-----w C:\Program Files\Peepop
2007-12-16 14:19 --------- d-----w C:\Documents and Settings\Jason\Application Data\Spybot - Search & Destroy
2007-11-18 00:54 --------- d-----w C:\Program Files\Ventrilo
2007-11-18 00:54 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-17 19:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2006-01-18 04:35 25,672 ----a-w C:\Documents and Settings\Jason\Application Data\GDIPFONTCACHEV1.DAT
2005-02-11 05:46 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-01-05_23.57.10.87 )))))))))))))))))))))))))))))))))))))))))
.
+ 2000-08-31 16:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2005-05-24 20:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 23:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 23:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\valve\steam\steam.exe" [2007-12-02 16:58 1266936]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2006-01-24 10:37 7094272]
"AIM"="C:\Program Files\AIM\aim.exe" [2004-04-27 14:18 61440]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 13:22 3739648]
"판도라TV미니"="C:\Program Files\PandoraTVMini\MiniUpdate.exe" [ ]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-12-03 13:21 3461120]
"ÆCμμ¶oTV¹I´I"="C:\Program Files\PandoraTVMini\MiniUpdate.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"diagent"="C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 01:01 135264]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-07-15 11:42 4112384]
"nwiz"="nwiz.exe" [2004-07-15 11:42 843776 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-07-15 11:42 81920]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

R2 AKEProtect;AKEProtect;C:\Program Files\Anti Keylogger Elite\AKEProtect.sys [2006-03-07 22:36]
S3 NOWMEMDF;NOWMEMDF;C:\WINDOWS\System32\NOWMEMDF.sys [2005-11-02 03:23]

*Newly Created Service* - AVGASCLN
.
Contents of the 'Scheduled Tasks' folder
"2008-01-10 09:54:00 C:\WINDOWS\Tasks\ ().job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.ex
- C:\PROGRA~1\McAfee.com\Agent
"2008-01-10 09:54:00 C:\WINDOWS\Tasks\ (JASON-JXS16R924-Jason).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.ex
- C:\PROGRA~1\McAfee.com\Agent
"2008-01-08 02:45:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-10 08:11:53 C:\WINDOWS\Tasks\McAfee.com Update Check (JASON-JXS16R924-Jason).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.ex
- C:\PROGRA~1\McAfee.com\Agent
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-10 01:54:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-10 1:55:11
ComboFix-quarantined-files.txt 2008-01-10 09:54:57
ComboFix2.txt 2008-01-09 03:19:17
ComboFix3.txt 2008-01-08 02:06:11
ComboFix4.txt 2008-01-06 07:57:40
iija5onii
Regular Member
 
Posts: 19
Joined: December 31st, 2007, 3:11 pm

Re: HIJACKTHIS LOG - i really need help PLEASE HELP

Unread postby iija5onii » January 11th, 2008, 4:46 am

Yes, the keylogger is still here. He switched the password again on my game.
iija5onii
Regular Member
 
Posts: 19
Joined: December 31st, 2007, 3:11 pm

Re: HIJACKTHIS LOG - i really need help PLEASE HELP

Unread postby Katana » January 11th, 2008, 8:37 am

There is no evidence of any keylogger in your logs?


TotalScan
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal.
Please go to this site: TotalScan
  • Under Scan Now click the Full Scan button
  • Follow the prompts to install the Active X if necessary
  • Go and make a cup of tea/coffee/beverage of your choice and watch some TV :)
  • When the scan is finished, a report will be generated
  • Next to Scan Details click the small Save button and save the report to your desktop.
  • Please post the report in your reply.

For the next scan please close all the programs that you can, and do not use the machine while it is running.
Please download GMER to your desktop.

Please create a folder in the Program Files folder called GMER.

Download GMER and extract it to the C:\program files\GMER folder you have just made.


Run the Gmer.exe program by double-clicking the executable file gmer.exe.
You may be prompted to scan immediately if GMER detects rootkit activity.

If you are prompted to scan your system click "yes" to begin the scan.
If you are not prompted, Click the "Rootkit" tab, then click "Scan".


DO NOT touch the PC at ALL for whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error, etc.!

At the end of the scan, click "Copy" to copy the scan results to the clipboard. Then paste the results in a notepad file and also paste them back in your next reply.

Please post the results from the GMER scan in your reply.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester