Hijacked...somethings Taking Up My Memory And I Dont Know What..


15 replies to this topic

#1 booya


Posted 02 November 2007 - 06:54 PM

Here's the log... it's slowing my comp somewhat

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:40:15 PM, on 11/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\outlook\outlook.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WinAble\winable.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Styler\Styler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\17PHolmes1000140.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cleanmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.coair.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [VaCtrls] v7
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1000140.exe 61A847B5BBF72813329B385776F901F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKCU\..\Run: [Ssxsfd] C:\WINDOWS\?ymbols\n?tepad.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - Startup: Styler.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 5793 bytes

help is appreciated

Edited by booya, 02 November 2007 - 10:08 PM.




#2 booya


Posted 02 November 2007 - 07:13 PM

Oh, my mistake, I should've posted this at the "Am I infected? What do I do?" forum... if a mod feels to move this to the appropriate forum please do so... thank you

#3 booya


Posted 03 November 2007 - 07:21 AM

I forgot to mention that I was unable to use alt ctrl del and go to taskmanager... upon searching my problem through this site I read that my comp might be compromised... gah...

I read on another forum where a user had a similar problem and used Kaspersky Anti-Virus (is this reliable?) and fixed the problem. Right now I'm able to use the taskmanager again, though I would like someone to look over my log to ease my fears... thank you

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:20:09 AM, on 11/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WinAble\winable.exe
C:\Program Files\Styler\Styler.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.coair.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [VaCtrls] v7
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [48f294e7] rundll32.exe "C:\WINDOWS\system32\loidpski.dll",b
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKCU\..\Run: [Ssxsfd] C:\WINDOWS\?ymbols\n?tepad.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - Startup: Styler.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 5947 bytes

Edited by booya, 03 November 2007 - 07:24 AM.


#4 bamajim


Posted 09 November 2007 - 12:55 PM

booya

Your PC is infected

Please download Combofix and save to your desktop:
Note: It is important that it is saved directly to your desktop
Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the contents of the C:\ComboFix.txt into your next reply.
Note: Do not mouseclick combofix's window whilst it's running.
That may cause the program to freeze/hang.

Microsoft MVP - Windows Security

#5 booya


Posted 09 November 2007 - 10:41 PM

here ya go...

ComboFix 07-11-08.3 - BCC 2007-11-09 22:19:25.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1526 [GMT -5:00]
Running from: C:\Documents and Settings\BCC\Desktop\ComboFix.exe
* Created a new restore point
.

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Program Files\inetget2
C:\Program Files\outlook
C:\Program Files\outlook\p.zip
C:\Program Files\Temporary
C:\Program Files\WinAble
C:\Program Files\WinAble\winable.exe
C:\WINDOWS\stem32~1
C:\WINDOWS\stem32~1\??stem32\
C:\WINDOWS\system32\awtqq.dll
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\dccdd.bak1
C:\WINDOWS\system32\dccdd.bak2
C:\WINDOWS\system32\dccdd.ini
C:\WINDOWS\system32\dccdd.ini2
C:\WINDOWS\system32\dccdd.tmp
C:\WINDOWS\system32\ddcbcax.dll
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\qqtwa.bak1
C:\WINDOWS\system32\qqtwa.bak2
C:\WINDOWS\system32\qqtwa.ini
C:\WINDOWS\system32\qqtwa.ini2
C:\WINDOWS\system32\qqtwa.tmp
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\tracert.com
C:\WINDOWS\system32\utvwa.bak1
C:\WINDOWS\system32\utvwa.ini2
C:\WINDOWS\system32\utvwa.tmp
C:\WINDOWS\system32\winlogo.exe
C:\WINDOWS\ymbols~1
C:\z.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-10-10 to 2007-11-10 )))))))))))))))))))))))))))))))
.

2007-11-09 22:17 88,128 --a------ C:\WINDOWS\system32\pwrwuheo.dll
2007-11-09 22:16 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-09 22:11 77,888 --a------ C:\WINDOWS\system32\gmgqxveu.dll
2007-11-09 22:09 71,232 --a------ C:\WINDOWS\system32\xivtvrnb.exe
2007-11-09 09:38 88,128 --a------ C:\WINDOWS\system32\mwfavqsx.dll
2007-11-09 09:35 77,888 --a------ C:\WINDOWS\system32\qfubymox.dll
2007-11-09 09:27 71,232 --a------ C:\WINDOWS\system32\sjpbcmqo.exe
2007-11-09 06:07 77,888 --a------ C:\WINDOWS\system32\fcmilbwd.dll
2007-11-09 06:04 88,128 --a------ C:\WINDOWS\system32\ddswydvy.dll
2007-11-09 05:56 71,232 --a------ C:\WINDOWS\system32\yjcdxnfv.exe
2007-11-09 05:33 77,888 --a------ C:\WINDOWS\system32\cuvjmwri.dll
2007-11-09 05:30 71,232 --a------ C:\WINDOWS\system32\mwsqikcl.exe
2007-11-08 22:21 80,448 --a------ C:\WINDOWS\system32\afajoatd.dll
2007-11-08 22:18 86,080 --a------ C:\WINDOWS\system32\ekbjaqyp.dll
2007-11-08 22:10 71,232 --a------ C:\WINDOWS\system32\pchcwvjb.exe
2007-11-08 08:33 86,080 --a------ C:\WINDOWS\system32\lcnxkmqf.dll
2007-11-08 08:27 80,448 --a------ C:\WINDOWS\system32\hgrptijv.dll
2007-11-08 08:26 71,232 --a------ C:\WINDOWS\system32\pccymvps.exe
2007-11-08 06:48 80,448 --a------ C:\WINDOWS\system32\qhmbnvro.dll
2007-11-08 06:45 86,080 --a------ C:\WINDOWS\system32\wwkudpwj.dll
2007-11-07 18:58 <DIR> d-------- C:\Program Files\Activision
2007-11-07 08:57 86,080 --a------ C:\WINDOWS\system32\fhbvtqbg.dll
2007-11-07 08:57 79,936 --a------ C:\WINDOWS\system32\igxxldpn.dll
2007-11-07 08:52 71,232 --a------ C:\WINDOWS\system32\jqbxqwdr.exe
2007-11-07 02:24 79,936 --a------ C:\WINDOWS\system32\masvhpkj.dll
2007-11-07 02:21 86,080 --a------ C:\WINDOWS\system32\jobpticl.dll
2007-11-07 02:13 71,232 --a------ C:\WINDOWS\system32\jydqtcei.exe
2007-11-06 08:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-06 08:29 <DIR> d-------- C:\Program Files\CCleaner
2007-11-06 07:41 81,472 --a------ C:\WINDOWS\system32\kohgfvaf.dll
2007-11-05 22:06 83,008 --a------ C:\WINDOWS\system32\hjbiosaw.dll
2007-11-05 09:25 83,008 --a------ C:\WINDOWS\system32\fmgnmqej.dll
2007-11-03 07:01 269 --a------ C:\WINDOWS\system32\4304.bat
2007-11-03 06:57 269 --a------ C:\WINDOWS\system32\4051.bat
2007-11-03 06:51 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-11-03 06:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-03 06:51 8,899,104 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-03 06:51 82,061 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-11-03 06:51 81,549 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-11-03 06:51 55,840 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-11-03 06:50 <DIR> d-------- C:\KAV
2007-11-02 19:52 269 --a------ C:\WINDOWS\system32\5243.bat
2007-11-02 18:39 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-02 18:32 <DIR> d-------- C:\Documents and Settings\BCC\.housecall6.6
2007-11-02 17:46 <DIR> d-------- C:\WINDOWS\pss
2007-11-02 16:09 269 --a------ C:\WINDOWS\system32\5166.bat
2007-11-02 16:09 84 --a------ C:\n.bat
2007-11-02 16:09 0 --a------ C:\z.dat
2007-11-02 16:08 <DIR> d-------- C:\WINDOWS\system32\Mz06r
2007-11-02 16:08 <DIR> d-------- C:\Temp\mZOr
2007-11-02 16:08 <DIR> d-------- C:\Temp
2007-11-02 16:08 <DIR> d--hs---- C:\Documents and Settings\BCC\Complete
2007-10-31 07:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-10-31 07:32 <DIR> d-------- C:\Program Files\Yahoo!
2007-10-11 12:02 <DIR> d-------- C:\Program Files\iTunes
2007-10-11 12:02 <DIR> d-------- C:\Program Files\iPod
2007-10-10 04:43 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-10 03:25 6,284 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-11-10 03:25 121,280 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-10 03:25 --------- d-----w C:\Documents and Settings\BCC\Application Data\WTablet
2007-11-09 16:45 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-11-08 00:11 22,328 ----a-w C:\Documents and Settings\BCC\Application Data\PnkBstrK.sys
2007-11-08 00:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-05 00:04 --------- d-----w C:\Program Files\Viewpoint
2007-11-05 00:04 --------- d-----w C:\Program Files\AIM6
2007-11-05 00:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-11-05 00:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-11-04 09:30 --------- d-----w C:\Program Files\SUPERAntiSpyware
2007-11-04 00:15 --------- d-----w C:\Program Files\Styler
2007-11-02 21:20 --------- d-----w C:\Program Files\LimeWire
2007-11-02 20:37 --------- d-----w C:\Program Files\Common Files\stardock
2007-11-02 12:14 --------- d-----w C:\Documents and Settings\BCC\Application Data\IconTweaker
2007-11-02 12:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\IconTweaker
2007-10-29 03:56 --------- d-----w C:\Program Files\Java
2007-09-26 22:53 --------- d-----w C:\Documents and Settings\BCC\Application Data\InstallShield
2007-09-26 22:53 --------- d-----w C:\Documents and Settings\BCC\Application Data\Codemasters
2007-09-26 22:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2007-09-26 22:52 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-09-26 22:51 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-09-23 04:37 --------- d-----w C:\Program Files\DivX
2007-09-21 12:31 --------- d-----w C:\Program Files\Sierra Entertainment
2007-09-18 18:59 --------- d-----w C:\Program Files\Electronic Arts
2007-09-14 18:38 --------- d-----w C:\Documents and Settings\BCC\Application Data\Bioshock
2007-09-14 12:10 --------- d-----w C:\Program Files\Apple Software Update
2007-09-04 17:17 1 ----a-w C:\Documents and Settings\BCC\SI.bin
2007-03-27 13:28:03 8 --sh--r C:\WINDOWS\system32\0A0EF025FD.sys
2007-08-08 19:07:42 952 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00F02F33-CE32-43A6-9C48-ADDFF6169A15}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10C007EB-278E-47AB-884F-CE0BD7396254}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{14C5B87E-7829-4EDB-B023-5FC3BC7CCB3A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25997E08-274A-4217-8F71-C89C754242C1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{291C5CA2-21BC-43B4-806C-A5D711173861}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2EED9A0C-401F-4A16-9828-11A12AA61A20}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5b30bcac-54ac-4997-a374-9c3b4bc0da70}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{814989c8-8153-4f8c-be6a-69d3bbf858b3}]
2007-11-09 22:11 77888 --a------ C:\WINDOWS\system32\gmgqxveu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{87883902-CA5B-4E19-94AA-6E0F4DB892C9}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B0D1BEFF-503D-4390-9E50-83319B443CFF}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D50BD722-0929-4B03-A0A5-16E75A34D433}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-06 17:56]
"nwiz"="nwiz.exe" [2007-09-06 17:56 C:\WINDOWS\system32\nwiz.exe]
"CTHelper"="CTHELPER.EXE" [2006-08-11 16:56 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 16:56 C:\WINDOWS\system32\CTXFIHLP.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 15:49]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-06 17:56]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 11:51]
"48f294e7"="C:\WINDOWS\system32\vdsopmlh.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 18:56]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-26 16:41]
"Aim6"="" []
"Ssxsfd"="C:\WINDOWS\?ymbols\n?tepad.exe" []
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 16:43]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 11:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2007-04-27 04:59 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcbcax]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2007-03-15 18:56 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winhoq32]
winhoq32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\awtqq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\mrofinu1000140.exe 61A847B5BBF72813329B385776F901F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)

R2 LicCtrlService;LicCtrl Service;C:\WINDOWS\runservice.exe
R3 AmdLLD;AMD Low Level Device Driver;C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1908493c-d3ff-11db-8cf7-806d6172696f}]
\Shell\AutoRun\command - E:\SETUP.EXE /UPDATE

.
Contents of the 'Scheduled Tasks' folder
"2007-11-02 22:22:11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-09 22:33:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-09 22:40:12 - machine was rebooted
.
--- E O F ---

Edited by booya, 09 November 2007 - 10:42 PM.


#6 bamajim


Posted 12 November 2007 - 08:40 AM

booya

Sorry for the delay

1. Open NotePad (not wordpad). Copy and paste the following into Notepad (not the word code)
File::
C:\WINDOWS\system32\pwrwuheo.dll
C:\WINDOWS\system32\gmgqxveu.dll
C:\WINDOWS\system32\xivtvrnb.exe
C:\WINDOWS\system32\mwfavqsx.dll
C:\WINDOWS\system32\qfubymox.dll
C:\WINDOWS\system32\sjpbcmqo.exe
C:\WINDOWS\system32\fcmilbwd.dll
C:\WINDOWS\system32\ddswydvy.dll
C:\WINDOWS\system32\yjcdxnfv.exe
C:\WINDOWS\system32\cuvjmwri.dll
C:\WINDOWS\system32\mwsqikcl.exe
C:\WINDOWS\system32\afajoatd.dll
C:\WINDOWS\system32\ekbjaqyp.dll
C:\WINDOWS\system32\pchcwvjb.exe
C:\WINDOWS\system32\lcnxkmqf.dll
C:\WINDOWS\system32\hgrptijv.dll
C:\WINDOWS\system32\pccymvps.exe
C:\WINDOWS\system32\qhmbnvro.dll
C:\WINDOWS\system32\wwkudpwj.dll
C:\WINDOWS\system32\fhbvtqbg.dll
C:\WINDOWS\system32\igxxldpn.dll
C:\WINDOWS\system32\jqbxqwdr.exe
C:\WINDOWS\system32\masvhpkj.dll
C:\WINDOWS\system32\jobpticl.dll
C:\WINDOWS\system32\jydqtcei.exe
C:\WINDOWS\system32\kohgfvaf.dll
C:\WINDOWS\system32\hjbiosaw.dll
C:\WINDOWS\system32\fmgnmqej.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{814989c8-8153-4f8c-be6a-69d3bbf858b3}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"48f294e7"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"=-
"Ssxsfd"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winhoq32]

Save the File as CFScript (exactly as shown, no spaces) ->> Save it to your Desktop

Using the Image as a reference, drag CFScript into ComboFix.exe

You will be prompted to run Combofix again, Do so
Following the same rules as indicated in my first post
Then post the contents of the C:\ComboFix.txt log in your reply

Microsoft MVP - Windows Security

#7 booya


Posted 12 November 2007 - 10:13 AM

here you go

ComboFix 07-11-08.3 - BCC 2007-11-12 9:58:52.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1488 [GMT -5:00]
Running from: C:\Documents and Settings\BCC\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\BCC\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\afajoatd.dll
C:\WINDOWS\system32\cuvjmwri.dll
C:\WINDOWS\system32\ddswydvy.dll
C:\WINDOWS\system32\ekbjaqyp.dll
C:\WINDOWS\system32\fcmilbwd.dll
C:\WINDOWS\system32\fhbvtqbg.dll
C:\WINDOWS\system32\fmgnmqej.dll
C:\WINDOWS\system32\gmgqxveu.dll
C:\WINDOWS\system32\hgrptijv.dll
C:\WINDOWS\system32\hjbiosaw.dll
C:\WINDOWS\system32\igxxldpn.dll
C:\WINDOWS\system32\jobpticl.dll
C:\WINDOWS\system32\jqbxqwdr.exe
C:\WINDOWS\system32\jydqtcei.exe
C:\WINDOWS\system32\kohgfvaf.dll
C:\WINDOWS\system32\lcnxkmqf.dll
C:\WINDOWS\system32\masvhpkj.dll
C:\WINDOWS\system32\mwfavqsx.dll
C:\WINDOWS\system32\mwsqikcl.exe
C:\WINDOWS\system32\pccymvps.exe
C:\WINDOWS\system32\pchcwvjb.exe
C:\WINDOWS\system32\pwrwuheo.dll
C:\WINDOWS\system32\qfubymox.dll
C:\WINDOWS\system32\qhmbnvro.dll
C:\WINDOWS\system32\sjpbcmqo.exe
C:\WINDOWS\system32\wwkudpwj.dll
C:\WINDOWS\system32\xivtvrnb.exe
C:\WINDOWS\system32\yjcdxnfv.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\afajoatd.dll
C:\WINDOWS\system32\cuvjmwri.dll
C:\WINDOWS\system32\ddswydvy.dll
C:\WINDOWS\system32\ekbjaqyp.dll
C:\WINDOWS\system32\fcmilbwd.dll
C:\WINDOWS\system32\fhbvtqbg.dll
C:\WINDOWS\system32\fmgnmqej.dll
C:\WINDOWS\system32\gmgqxveu.dll
C:\WINDOWS\system32\hgrptijv.dll
C:\WINDOWS\system32\hjbiosaw.dll
C:\WINDOWS\system32\igxxldpn.dll
C:\WINDOWS\system32\jobpticl.dll
C:\WINDOWS\system32\jqbxqwdr.exe
C:\WINDOWS\system32\jydqtcei.exe
C:\WINDOWS\system32\kohgfvaf.dll
C:\WINDOWS\system32\lcnxkmqf.dll
C:\WINDOWS\system32\masvhpkj.dll
C:\WINDOWS\system32\mwfavqsx.dll
C:\WINDOWS\system32\mwsqikcl.exe
C:\WINDOWS\system32\pccymvps.exe
C:\WINDOWS\system32\pchcwvjb.exe
C:\WINDOWS\system32\pwrwuheo.dll
C:\WINDOWS\system32\qfubymox.dll
C:\WINDOWS\system32\qhmbnvro.dll
C:\WINDOWS\system32\sjpbcmqo.exe
C:\WINDOWS\system32\wwkudpwj.dll
C:\WINDOWS\system32\xivtvrnb.exe
C:\WINDOWS\system32\yjcdxnfv.exe

.
((((((((((((((((((((((((( Files Created from 2007-10-12 to 2007-11-12 )))))))))))))))))))))))))))))))
.

2007-11-09 22:16 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-07 18:58 <DIR> d-------- C:\Program Files\Activision
2007-11-06 08:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-06 08:29 <DIR> d-------- C:\Program Files\CCleaner
2007-11-03 07:01 269 --a------ C:\WINDOWS\system32\4304.bat
2007-11-03 06:57 269 --a------ C:\WINDOWS\system32\4051.bat
2007-11-03 06:50 <DIR> d-------- C:\KAV
2007-11-02 19:52 269 --a------ C:\WINDOWS\system32\5243.bat
2007-11-02 18:39 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-02 18:32 <DIR> d-------- C:\Documents and Settings\BCC\.housecall6.6
2007-11-02 17:46 <DIR> d-------- C:\WINDOWS\pss
2007-11-02 16:09 269 --a------ C:\WINDOWS\system32\5166.bat
2007-11-02 16:09 84 --a------ C:\n.bat
2007-11-02 16:09 0 --a------ C:\z.dat
2007-11-02 16:08 <DIR> d-------- C:\WINDOWS\system32\Mz06r
2007-11-02 16:08 <DIR> d-------- C:\Temp\mZOr
2007-11-02 16:08 <DIR> d-------- C:\Temp
2007-11-02 16:08 <DIR> d--hs---- C:\Documents and Settings\BCC\Complete
2007-10-31 07:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-10-31 07:32 <DIR> d-------- C:\Program Files\Yahoo!

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-12 15:03 --------- d-----w C:\Documents and Settings\BCC\Application Data\WTablet
2007-11-12 11:25 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-11-08 00:11 22,328 ----a-w C:\Documents and Settings\BCC\Application Data\PnkBstrK.sys
2007-11-08 00:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-05 00:04 --------- d-----w C:\Program Files\Viewpoint
2007-11-05 00:04 --------- d-----w C:\Program Files\AIM6
2007-11-05 00:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-11-05 00:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-11-04 09:30 --------- d-----w C:\Program Files\SUPERAntiSpyware
2007-11-04 00:15 --------- d-----w C:\Program Files\Styler
2007-11-02 21:20 --------- d-----w C:\Program Files\LimeWire
2007-11-02 20:37 --------- d-----w C:\Program Files\Common Files\stardock
2007-11-02 12:14 --------- d-----w C:\Documents and Settings\BCC\Application Data\IconTweaker
2007-11-02 12:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\IconTweaker
2007-10-29 03:56 --------- d-----w C:\Program Files\Java
2007-10-11 17:02 --------- d-----w C:\Program Files\iTunes
2007-10-11 17:02 --------- d-----w C:\Program Files\iPod
2007-09-26 22:53 --------- d-----w C:\Documents and Settings\BCC\Application Data\InstallShield
2007-09-26 22:53 --------- d-----w C:\Documents and Settings\BCC\Application Data\Codemasters
2007-09-26 22:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2007-09-26 22:52 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-09-26 22:51 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-09-23 04:37 --------- d-----w C:\Program Files\DivX
2007-09-21 12:31 --------- d-----w C:\Program Files\Sierra Entertainment
2007-09-18 18:59 --------- d-----w C:\Program Files\Electronic Arts
2007-09-14 18:38 --------- d-----w C:\Documents and Settings\BCC\Application Data\Bioshock
2007-09-14 12:10 --------- d-----w C:\Program Files\Apple Software Update
2007-09-04 17:17 1 ----a-w C:\Documents and Settings\BCC\SI.bin
2007-03-27 13:28:03 8 --sh--r C:\WINDOWS\system32\0A0EF025FD.sys
2007-08-08 19:07:42 952 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2007-11-09_22.34.27.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-09 16:45:21 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
+ 2007-11-12 11:25:05 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00F02F33-CE32-43A6-9C48-ADDFF6169A15}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10C007EB-278E-47AB-884F-CE0BD7396254}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{14C5B87E-7829-4EDB-B023-5FC3BC7CCB3A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{291C5CA2-21BC-43B4-806C-A5D711173861}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2EED9A0C-401F-4A16-9828-11A12AA61A20}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5b30bcac-54ac-4997-a374-9c3b4bc0da70}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{87883902-CA5B-4E19-94AA-6E0F4DB892C9}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D50BD722-0929-4B03-A0A5-16E75A34D433}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-06 17:56]
"nwiz"="nwiz.exe" [2007-09-06 17:56 C:\WINDOWS\system32\nwiz.exe]
"CTHelper"="CTHELPER.EXE" [2006-08-11 16:56 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 16:56 C:\WINDOWS\system32\CTXFIHLP.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 15:49]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-06 17:56]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 18:56]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-26 16:41]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 16:43]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 11:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2007-04-27 04:59 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2007-03-15 18:56 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\mrofinu1000140.exe 61A847B5BBF72813329B385776F901F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)

R2 LicCtrlService;LicCtrl Service;C:\WINDOWS\runservice.exe
R3 AmdLLD;AMD Low Level Device Driver;C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1908493c-d3ff-11db-8cf7-806d6172696f}]
\Shell\AutoRun\command - E:\SETUP.EXE /UPDATE

.
Contents of the 'Scheduled Tasks' folder
"2007-11-02 22:22:11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-12 10:03:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-11-12 10:05:48 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-09 22:40
.
--- E O F ---

#8 bamajim

Posted 12 November 2007 - 10:19 AM

booya

Looking good

Please perform an Ewido Online Malware Scan
  • When a dialog box appears asking you if you would like to download and install the ewido anti-spyware online scanner please click Yes to allow the download.
  • Click on Start Scan.
  • After the scan completes, it will produce a log for you; copy and paste the results of that scan as a reply to this thread.
  • If any infections are found (after you save the logfile), click on Remove Infections.

Microsoft MVP - Windows Security

#9 booya

Posted 13 November 2007 - 05:13 AM

I've scanned with Ewido but it didn't produce a log after the scan...so I'm rescanning again to see if I missed it initially...

#10 booya

Posted 13 November 2007 - 07:24 AM

Oops, never mind, I did miss it the first time around...here ya go

__________________________________________________
ewido anti-spyware online scanner
http://www.ewido.net
__________________________________________________


Name: TrackingCookie.Revsci
Path: :mozilla.10:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.11:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.12:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.13:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.14:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.15:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.16:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.17:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.18:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.19:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.20:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.21:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.22:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.23:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.24:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.25:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: :mozilla.26:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.27:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.28:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: :mozilla.29:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Atdmt
Path: :mozilla.30:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: :mozilla.31:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: :mozilla.32:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: :mozilla.33:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: :mozilla.34:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.66:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.67:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.68:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.69:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.70:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.71:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.72:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.73:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.74:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.75:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.76:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.77:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.78:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.79:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.80:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.81:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.82:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.83:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.84:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.85:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.86:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.87:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.88:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.89:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.90:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.91:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.92:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.93:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.94:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.95:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.96:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.97:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.98:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.99:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.100:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.101:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.102:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.103:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.104:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.105:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.106:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.107:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.108:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.109:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.110:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.111:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.112:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.113:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.114:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.115:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Netflame
Path: :mozilla.124:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.139:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tribalfusion
Path: :mozilla.140:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.141:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tribalfusion
Path: :mozilla.142:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.143:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.144:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tribalfusion
Path: :mozilla.145:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tribalfusion
Path: :mozilla.146:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.147:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.148:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.149:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.150:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.151:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.152:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.154:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.155:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.156:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.157:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.158:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.159:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.160:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.161:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.162:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.164:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.165:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.166:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.167:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.168:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.169:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.170:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.171:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.174:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.175:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.178:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.179:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.180:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.181:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.182:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.184:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.185:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.186:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.187:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: :mozilla.190:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: :mozilla.192:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: :mozilla.193:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: :mozilla.194:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: :mozilla.195:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: :mozilla.196:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: :mozilla.197:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Realmedia
Path: :mozilla.198:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Realmedia
Path: :mozilla.199:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: :mozilla.200:C:\Documents and Settings\BCC\Application Data\Mozilla\Firefox\Profiles\xhl08wz7.default\cookies.txt
Risk: Medium

Name: Logger.Peflog.30
Path: C:\System Volume Information\_restore{F68EBF87-3580-4F7A-9D55-DF8A1BF846AE}\RP282\A0035796.exe
Risk: High

Name: Adware.Aws
Path: F:\System Volume Information\_restore{F68EBF87-3580-4F7A-9D55-DF8A1BF846AE}\RP282\A0035797.dll
Risk: Medium

#11 bamajim


Posted 13 November 2007 - 09:00 AM

booya

Could I see a fresh Hijackthis log?

And in your reply, give me an update on how your PC is running now.
Microsoft MVP - Windows Security

#12 booya


Posted 13 November 2007 - 09:41 AM

runs a bit smoother now...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:40:49 AM, on 11/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.coair.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {00F02F33-CE32-43A6-9C48-ADDFF6169A15} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {10C007EB-278E-47AB-884F-CE0BD7396254} - (no file)
O2 - BHO: (no name) - {14C5B87E-7829-4EDB-B023-5FC3BC7CCB3A} - (no file)
O2 - BHO: (no name) - {291C5CA2-21BC-43B4-806C-A5D711173861} - (no file)
O2 - BHO: (no name) - {2EED9A0C-401F-4A16-9828-11A12AA61A20} - (no file)
O2 - BHO: (no name) - {5b30bcac-54ac-4997-a374-9c3b4bc0da70} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {87883902-CA5B-4E19-94AA-6E0F4DB892C9} - (no file)
O2 - BHO: (no name) - {D50BD722-0929-4B03-A0A5-16E75A34D433} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6442 bytes

#13 bamajim


Posted 13 November 2007 - 10:16 AM

booya

Excellent, just some junk to clean up.

1. Rerun Hijackthis (scan only) and place checks beside the following entries

O2 - BHO: (no name) - {00F02F33-CE32-43A6-9C48-ADDFF6169A15} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {10C007EB-278E-47AB-884F-CE0BD7396254} - (no file)
O2 - BHO: (no name) - {14C5B87E-7829-4EDB-B023-5FC3BC7CCB3A} - (no file)
O2 - BHO: (no name) - {291C5CA2-21BC-43B4-806C-A5D711173861} - (no file)
O2 - BHO: (no name) - {2EED9A0C-401F-4A16-9828-11A12AA61A20} - (no file)
O2 - BHO: (no name) - {5b30bcac-54ac-4997-a374-9c3b4bc0da70} - (no file)
O2 - BHO: (no name) - {87883902-CA5B-4E19-94AA-6E0F4DB892C9} - (no file)
O2 - BHO: (no name) - {D50BD722-0929-4B03-A0A5-16E75A34D433} - (no file)

Close all other open windows except Hijackthis and Select "Fix checked"

Close Hijackthis ->> Reboot your PC ->> Rerun Hijackthis and post a fresh Hijackthis log

#14 booya


Posted 13 November 2007 - 11:19 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:09 AM, on 11/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.coair.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 5693 bytes

#15 bamajim

Posted 13 November 2007 - 03:18 PM

booya

You may now remove/delete/uninstall the tools we used to clean your PC

Now that your log is clean

There are some final notes:
Disable and Enable System Restore. Let's create a clean System Restore point;
the instructions are here
Update your Anti Virus Software

Use and maintain a Firewall. There is a list HERE, all of which are free
Download and install SiteHound by Firetrust for protection against malicious websites.

Pick the version that matches your browser

Visit Microsoft's Windows Update Site Frequently for critical updates

Backup your Important Documents and Files on a regular basis, to a disc or a USB key, not your hard drive
You may want to read this article: "So how did I get infected in the first place" by Tony Klein

surf safe
Microsoft MVP - Windows Security



