
My HijackThis log Help please


41 replies to this topic

#16 JSquared

JSquared

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 14 June 2006 - 08:34 PM

Heh, I think I burst the post length limit; here's the continuation.



#17 Micah_6:8

Micah_6:8

    Evilware Emancipator

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,060 posts
  • Interests:Web (Perl, PHP, JavaScript, HTML) programming, CNC programming, Squashing spyware!

Posted 15 June 2006 - 05:17 AM

:o

Post a new HijackThis! log.

If it is still "clean", I'll close this thread.

Thanks for using the forum.

M68 :)

Post Infection Items To Ponder
Micah 6:8 He hath shewed thee, O man, what is good; and what doth the LORD require of thee, but to do justly, and to love mercy, and to walk humbly with thy God?

The help you receive here is free.
If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.

Download Hijack This! My Website: UnSpyMe!

#18 JSquared


Posted 15 June 2006 - 09:25 AM

The problem with HijackThis still remains after I rename it. When I click it, it says the file doesn't exist and then it disappears. I can't reinstall it from the self-extractor I saved into my system in normal mode, though it works when I go into safe mode. The thing also works in safe mode, but what's the point? When I reboot to normal mode the same problem happens. So do we get all worked up or just heck. My comp seems to be fine though. :scratch:

Edited by JSquared, 15 June 2006 - 09:31 AM.


#19 Micah_6:8


Posted 15 June 2006 - 11:05 AM

:scratch:

Download it again (as "junk.exe").

Run it.

Click on Open Misc Tools section

To the right of Generate Startuplist log, there are two boxes.

Check them both, then click Generate Startuplist log.

"Copy/paste" the startuplist log into this thread.

Also, please tell me what files (if any) are in this folder:

C:\windows\system32\drivers\helpsys

#20 JSquared


Posted 15 June 2006 - 08:18 PM

OK, I did what you said but I stumbled around a bit. The first time I did it, HijackThis worked. But then I accidentally scanned before changing the options, so I quit and tried to restart. Then a notice popped up telling me that you had to link the file to something to open it, and that this might be a way to 'exploit a weakness in the program'. So I stupidly clicked yes since that was the only way to open the thing. Now everything disappears again. When I try to download again, it's weird. Every time the download reaches like 90 percent or 95 percent or just before that last few Kb, it stops. I've tried many times and renamed junk.exe to other stuff but it doesn't work. Is this innocuous (or my fault) or is some evil intelligence controlling the whole situation? The file they wanted to link it to was something in Documents and Settings. I can't remember anything else about the thing except that it did have some percentage signs. Sorry man for the carelessness. There are no files in the folder, and I'm sure I turned on the see hidden files option.

Edited by JSquared, 15 June 2006 - 08:29 PM.


#21 Micah_6:8


Posted 15 June 2006 - 08:32 PM

Please go here:

Silent Runners.org

Download/run the silentrunners.vbs script.

If your antivirus complains about it, just tell it it's safe.

When you run it, click "Yes" to the "Skip supplementary searches".

It will take a few minutes to run.

When it finishes, it will tell you what text file it put the results in (it will be in the same folder the VBS file was downloaded into).

Open it up with Notepad, and paste it into your next post, please.
:)

#22 JSquared


Posted 15 June 2006 - 08:39 PM

I did some exploring around my computer and I found in this C:\Documents and Settings\hccnmh\Local Settings\Application Data\Mozilla\Firefox\Profiles this: a7rs54gf.Default User

The suspicious thing about this is that the date modified for this file is sometime very close, and I think the day (night) itself that I accepted the suspicious package (again) from MSN. Inside the cache folder are long files like this: A89F4DBCd01, D6263C66d01, no extensions.

What interests me is that they were all modified at about the same time, that is 15 June night, when I guess I accepted the thing that started all the trouble. I tried to delete the folder but it said a file was being used. Specifically 4FF7F4CAd01.

Edited by JSquared, 15 June 2006 - 08:46 PM.


#23 Micah_6:8


Posted 15 June 2006 - 08:49 PM

Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»
This program is for XP and Windows 2000 only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
Under Firefox choose: Firefox Cache and Firefox Cookies
Click the Empty Selected button.

Reboot.

Maybe try to download HijackThis! again?
:unsure:

Hijack This! (© Merijn) at tools.radiosplace.com

Hijack This! (© Merijn) at spywarewarrior.com

#24 JSquared


Posted 16 June 2006 - 12:42 AM

This is the silentrunner log.

"Silent Runners.vbs", revision 45, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
"WinUpdate.exe" = "C:\Program Files\Windows\WinUpdate.exe" [file not found]

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"MsnMsgr" = ""C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [MS]
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"TClock.exe" = "C:\Program Files\TClock\tclock_install.exe" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"IgfxTray" = "C:\WINDOWS\System32\igfxtray.exe" ["Intel Corporation"]
"HotKeysCmds" = "C:\WINDOWS\System32\hkcmd.exe" ["Intel Corporation"]
"CfgDownload" = "c:\ixos-archive\bin\CfgDownload.exe" ["IXOS SOFTWARE AG"]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"ADU" = ""C:\Program Files\Cisco Aironet\ADU.exe" -nogui" ["Cisco"]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe" ["Sun Microsystems, Inc."]
"SmcService" = "C:\PROGRA~1\Sygate\SPF\Smc.exe -startgui" ["Sygate Technologies, Inc."]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{8e9d6600-f84a-11ce-8daa-00aa004a5691}" = "Shell extensions for NetWare"
-> {HKLM...CLSID} = "NetWare Objects"
\InProcServer32\(Default) = "nwprovau.dll" [MS]
"{e3f2bac0-099f-11cf-8daa-00aa004a5691}" = "Shell extensions for NetWare"
-> {HKLM...CLSID} = "NetWare UNC Folder Menu"
\InProcServer32\(Default) = "nwprovau.dll" [MS]
"{52c68510-09a0-11cf-8daa-00aa004a5691}" = "Shell extensions for NetWare"
-> {HKLM...CLSID} = "NetWare Hood Verbs"
\InProcServer32\(Default) = "nwprovau.dll" [MS]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {HKLM...CLSID} = "Portable Media Devices"
\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{8FF88D21-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.6 Context Menu Shell Extension"
-> {HKLM...CLSID} = "WinAceContext Menu Extension"
\InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]
"{8FF88D25-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.6 DragDrop Shell Extension"
-> {HKLM...CLSID} = "WinAceDrag-Drop Extension"
\InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]
"{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.6 Context Menu Shell Extension"
-> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension"
\InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]
"{8FF88D23-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.6 Property Sheet Shell Extension"
-> {HKLM...CLSID} = "WinAceProperty Sheet Extension"
\InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]
"{e82a2d71-5b2f-43a0-97b8-81be15854de8}" = "ShellLink for Application References"
-> {HKLM...CLSID} = "ShellLink for Application References"
\InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]
"{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}" = "Shell Icon Handler for Application References"
-> {HKLM...CLSID} = "Shell Icon Handler for Application References"
\InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]
"{81559C35-8464-49F7-BB0E-07A383BEF910}" = (no title provided)
-> {HKLM...CLSID} = "SpywareGuard.Handler"
\InProcServer32\(Default) = "C:\Program Files\SpywareGuard\spywareguard.dll" [null data]
"{FFD2FF77-0B5E-4B5F-8708-271F5F4F3B57}" = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\iorop.dll" [file not found]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{81559C35-8464-49F7-BB0E-07A383BEF910}" = (no title provided)
-> {HKLM...CLSID} = "SpywareGuard.Handler"
\InProcServer32\(Default) = "C:\Program Files\SpywareGuard\spywareguard.dll" [null data]
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\shellhook.dll" ["TODO: <Firmenname>"]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
INFECTION WARNING! "GinaDLL" = "cscogina.dll" ["Cisco Systems, Inc."]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"]
INFECTION WARNING! WgaLogon\DLLName = "WgaLogon.dll" [MS]

HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {HKLM...CLSID} = "Ctest Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\context.dll" ["ewido networks"]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
ZFAdd\(Default) = "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"
-> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension"
\InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {HKLM...CLSID} = "Ctest Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\context.dll" ["ewido networks"]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
ZFAdd\(Default) = "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"
-> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension"
\InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
NetWareUNCMenu\(Default) = "{e3f2bac0-099f-11cf-8daa-00aa004a5691}"
-> {HKLM...CLSID} = "NetWare UNC Folder Menu"
\InProcServer32\(Default) = "nwprovau.dll" [MS]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\Firefox Wallpaper.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\ssmarque.scr" [MS]


Startup items in "hccnmh" & "All Users" startup folders:
--------------------------------------------------------

C:\Documents and Settings\hccnmh\Start Menu\Programs\Startup
"SpywareGuard" -> shortcut to: "C:\Program Files\SpywareGuard\sgmain.exe" [null data]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 30
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_07"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll" ["Sun Microsystems, Inc."]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data]
avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
AVSync Manager, AvSynMgr, ""C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe"" ["Network Associates, Inc."]
Cisco Configuration Service, CCS, "C:\WINDOWS\system32\ccs.exe" ["Cisco Systems, Inc."]
Client Service for NetWare, NWCWorkstation, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\nwwks.dll" [MS]}
ewido security suite control, ewido security suite control, "C:\Program Files\ewido anti-malware\ewidoctrl.exe" ["ewido networks"]
HTTP SSL, HTTPFilter, "C:\WINDOWS\System32\svchost.exe -k HTTPFilter" {"C:\WINDOWS\System32\w3ssl.dll" [MS]}
iPod Service, iPodService, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Computer, Inc."]
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
McShield, McShield, ""C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe"" ["Network Associates, Inc."]
Sygate Personal Firewall, SmcService, "C:\Program Files\Sygate\SPF\Smc.exe" ["Sygate Technologies, Inc."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
IXOS Port\Driver = "C:\WINDOWS\System32\ixpormon.dll" ["IXOS SOFTWARE AG"]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 19 seconds, including 3 seconds for message boxes)




And this is the startuplist log.


StartupList report, 16/06/2006, 1:52:36 PM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\hccnmh\Desktop\funny folder\junk.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\Smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ccs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Cisco Aironet\ADU.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\TClock\TClock.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Documents and Settings\hccnmh\Desktop\funny folder\junk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\hccnmh\Start Menu\Programs\Startup]
SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

IgfxTray = C:\WINDOWS\System32\igfxtray.exe
HotKeysCmds = C:\WINDOWS\System32\hkcmd.exe
CfgDownload = c:\ixos-archive\bin\CfgDownload.exe
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ADU = "C:\Program Files\Cisco Aironet\ADU.exe" -nogui
SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
SmcService = C:\PROGRA~1\Sygate\SPF\Smc.exe -startgui
avast! = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
TClock.exe = C:\Program Files\TClock\tclock_install.exe

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\ssmarque.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

--------------------------------------------------

Enumerating Download Program Files:

[Checkers Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\msgrchkr.dll
CODEBASE = http://messenger.zon...kr.cab31267.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\legitcheckcontrol.dll
CODEBASE = http://go.microsoft....k/?linkid=39204

[iNotes Class]
InProcServer32 = C:\WINDOWS\DOWNLO~1\inotes.dll
CODEBASE = https://iaccess.spow...m.sg/iNotes.cab

[Minesweeper Flags Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\minesweeper.dll
CODEBASE = http://messenger.zon...er.cab31267.cab

[iNotes6 Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\inotes6W.dll
CODEBASE = https://iaccess.spow...sg/iNotes6W.cab

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\System32\wuweb.dll
CODEBASE = http://update.micros...b?1127045891292

[CasaVerify Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\CasaVerifier.dll
CODEBASE = file://D:\Citidirect\CitiDirect\ie\casaverifier.cab

[MessengerStatsClient Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll
CODEBASE = http://messenger.zon...nt.cab31267.cab

[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
CODEBASE = http://acs.pandasoft...free/asinst.cab

[{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
CODEBASE = http://v4.windowsupd...8159.1307407407

[MsnMessengerSetupDownloadControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
CODEBASE = http://messenger.msn...pDownloader.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx
CODEBASE = http://download.macr...ash/swflash.cab

[MSN Chat Control 4.5]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MSNChat45.ocx
CODEBASE = http://chat.msn.com/...s/msnchat45.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

WinUpdate.exe = C:\Program Files\Windows\WinUpdate.exe

--------------------------------------------------

End of report, 7,854 bytes
Report generated in 0.630 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

#25 Micah_6:8

Posted 16 June 2006 - 05:52 AM

:scratch:

Copy the text in the following quote box into Notepad:

reg query "HKEY_CLASSES_ROOT\exefile\shell\open\command" > files.txt
notepad files.txt


Save it to your desktop as ff.bat

CLOSE NOTEPAD!

Now, <double-click> the ff.bat file on the desktop. A Notepad window will open up.

Please paste its contents into your next post.

Edited by Micah_6:8, 16 June 2006 - 05:53 AM.


#26 JSquared

Posted 16 June 2006 - 07:08 AM

Ok.

! REG.EXE VERSION 3.0

HKEY_CLASSES_ROOT\exefile\shell\open\command
    <NO NAME>    REG_SZ    "%1" %*
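
The check from posts #25 and #26, as an added example that is not part of the original thread: it parses `reg query` output for `HKEY_CLASSES_ROOT\exefile\shell\open\command` and compares the key's default value with the Windows default `"%1" %*`, which is the value the reply above shows. The function names, the second sample with its placeholder path, and the assumption of English-language `reg.exe` output are constructed for illustration.

```python
import re

# Windows default for HKCR\exefile\shell\open\command: run the clicked
# program ("%1") with its own arguments (%*) and nothing in front of it.
EXPECTED_EXEFILE_COMMAND = '"%1" %*'

# reg.exe 3.0 on XP labels the unnamed value <NO NAME>; later versions
# print (Default). Assumption: English-language reg.exe output.
_DEFAULT_VALUE = re.compile(
    r'(?:<NO NAME>|\(Default\))\s+(REG_[A-Z_]+)\s+(.*?)\s*$', re.MULTILINE)


def parse_default_value(reg_output):
    """Return (type, data) of the key's default value, or None if absent."""
    match = _DEFAULT_VALUE.search(reg_output)
    if match is None:
        return None
    return match.group(1), match.group(2)


def check_exefile_command(reg_output):
    """Classify pasted `reg query` output for the exefile open command.

    Returns (status, data), where status is one of:
      "default"    - data equals the Windows default
      "modified"   - a default value exists but differs, so something else
                     is set to run whenever an .exe is opened
      "unreadable" - no default value found (query failed, paste truncated)
    """
    parsed = parse_default_value(reg_output)
    if parsed is None:
        return "unreadable", None
    _value_type, data = parsed
    # Collapse runs of whitespace so tab/space differences do not matter.
    if " ".join(data.split()) == EXPECTED_EXEFILE_COMMAND:
        return "default", data
    return "modified", data


# The output posted in #26, joined onto one line here.
SAMPLE_FROM_THREAD = (r'Ok. ! REG.EXE VERSION 3.0 HKEY_CLASSES_ROOT\exefile'
                      r'\shell\open\command <NO NAME> REG_SZ "%1" %*')

# Constructed sample: newer reg.exe layout with a placeholder path
# in front of "%1".
SAMPLE_MODIFIED = r'''
HKEY_CLASSES_ROOT\exefile\shell\open\command
    (Default)    REG_SZ    "C:\EXAMPLE\placeholder.exe" "%1" %*
'''

if __name__ == "__main__":
    for name, text in (("thread", SAMPLE_FROM_THREAD),
                       ("constructed", SAMPLE_MODIFIED),
                       ("empty", "")):
        print(name, check_exefile_command(text))
```
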

#27 Micah_6:8

Posted 16 June 2006 - 07:13 AM

:scratch:

Still nothing.....

Download Blacklight Beta from here:
Blacklight Beta

Hit I accept. It will take you to download page.

Download blbeta.exe and save it to the Desktop.

Once saved... double click blbeta.exe to install the program.

Click accept agreement and click Scan.

This application may cause a warning from your antivirus. Let it load.

Wait for it to finish.

If it displays any items...don't do anything with them yet. Just hit exit (close)

It will drop a log on Desktop that starts with fsbl....(big number)

Post that log.
:)

#28 JSquared

Posted 16 June 2006 - 07:31 AM

When I start it, it says I 'could not acquire the necessary privileges to open it'. It's not my laptop, and I think there is an administrator, but he's long gone.

Edited by JSquared, 16 June 2006 - 08:14 AM.


#29 Micah_6:8

Posted 16 June 2006 - 08:03 AM

Download, unzip and run 'RootkitRevealer' from Sysinternals:
http://www.sysintern...itRevealer.html
Once the program has started, press Scan and let it run.
When the scan is done, use 'File > Save' to place the logfile in a convenient location (such as the desktop). The default filename will be 'RootkitReveal.txt'.

Save your Log File
Copy/Paste the contents of that logfile into your next reply

Do NOT touch the PC at ALL for whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc !

#30 JSquared

Posted 16 June 2006 - 08:19 AM

Uh, what does this mean? "or attempted scan in case of some error etc !"
