
Ran Into A Dangerous Site


  • This topic is locked
5 replies to this topic

#1 Alpha_Blue


Posted 12 January 2006 - 12:30 AM

I ran into a dangerous website which changed my O15 protocols to the My Computer Zone rather than the Internet Zone and tried to install a number of exploits (one of which was the WMF exploit, but it failed since I had the patch and since McAfee blocked 'em all).

Anyways, to make a long story short, I installed MSAS beta and Ewido anti-malware, and here are the latest HJT logs (I think I might be clean... just wanting to make sure):


Logfile of HijackThis v1.99.1
Scan saved at 11:10:34 PM, on 1/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SpywareGuard\sgmain.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\SiteAdvisor\SiteAdv.exe
C:\HJT\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
F1 - win.ini: run= C:\C&C\INSTICON.EXE
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\saIE.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\saIE.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\InCD\InCD.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1124827125921
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\wmfhotfix.dll
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 12:05:58 AM, 1/12/2006
+ Report-Checksum: A7541411

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKU\S-1-5-21-507921405-1078081533-725345543-1003\Software\Microsoft\Internet Explorer\Explorer Bars\{90C61707-C8F8-43DB-A25C-C1F4B18EE41E} -> Spyware.CometCursor : Cleaned with backup
HKU\S-1-5-21-507921405-1078081533-725345543-1003\Software\share_bwp -> Spyware.BigWebPortal : Cleaned with backup
HKU\S-1-5-21-507921405-1078081533-725345543-1003\Software\share_bwp\ffffaaa -> Spyware.BigWebPortal : Cleaned with backup
HKU\S-1-5-21-507921405-1078081533-725345543-1003\Software\share_bwp\iiii -> Spyware.BigWebPortal : Cleaned with backup
HKU\S-1-5-21-507921405-1078081533-725345543-1003\Software\share_bwp\kkkk -> Spyware.BigWebPortal : Cleaned with backup
HKU\S-1-5-21-507921405-1078081533-725345543-1003\Software\share_bwp\pppp -> Spyware.BigWebPortal : Cleaned with backup
HKU\S-1-5-21-507921405-1078081533-725345543-1003\Software\share_bwp\ssss -> Spyware.BigWebPortal : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Administrator.KMX\Application Data\Mozilla\Profiles\default\na62wt1t.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Administrator.KMX\Application Data\Mozilla\Profiles\default\na62wt1t.slt\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Administrator.KMX\Application Data\Mozilla\Profiles\default\na62wt1t.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Administrator.KMX\Application Data\Mozilla\Profiles\default\na62wt1t.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Administrator.KMX\Application Data\Mozilla\Profiles\default\na62wt1t.slt\cookies.txt -> Spyware.Cookie.Adorigin : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Administrator.KMX\Application Data\Mozilla\Profiles\default\na62wt1t.slt\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Administrator.KMX\Application Data\Mozilla\Profiles\default\na62wt1t.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Administrator.KMX\Application Data\Mozilla\Profiles\default\na62wt1t.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Administrator.KMX\Application Data\Mozilla\Profiles\default\na62wt1t.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Administrator.KMX\Application Data\Mozilla\Profiles\default\na62wt1t.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Administrator.KMX\Application Data\Mozilla\Profiles\default\na62wt1t.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Administrator.KMX\Application Data\Mozilla\Profiles\default\na62wt1t.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Administrator.KMX\Application Data\Mozilla\Profiles\default\na62wt1t.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Administrator.KMX\Application Data\Mozilla\Profiles\default\na62wt1t.slt\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Administrator.KMX\Application Data\Mozilla\Profiles\default\na62wt1t.slt\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Administrator.KMX\Application Data\Mozilla\Profiles\default\na62wt1t.slt\cookies.txt -> Spyware.Cookie.Trafic : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Administrator.KMX\Application Data\Mozilla\Profiles\default\na62wt1t.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Administrator.KMX\Application Data\Mozilla\Profiles\default\na62wt1t.slt\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Administrator.KMX\Application Data\Mozilla\Profiles\default\na62wt1t.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Administrator.KMX\Application Data\Mozilla\Profiles\default\na62wt1t.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Administrator.KMX\Application Data\Mozilla\Profiles\default\na62wt1t.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Administrator.KMX\Application Data\Mozilla\Profiles\default\na62wt1t.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Administrator.KMX\Application Data\Mozilla\Profiles\default\na62wt1t.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Administrator.KMX\Application Data\Mozilla\Profiles\default\na62wt1t.slt\cookies.txt -> Spyware.Cookie.Specificpop : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Administrator.KMX\Application Data\Mozilla\Profiles\default\na62wt1t.slt\cookies.txt -> Spyware.Cookie.Specificpop : Cleaned with backup
:mozilla.149:C:\Documents and Settings\Administrator.KMX\Application Data\Mozilla\Profiles\default\na62wt1t.slt\cookies.txt -> Spyware.Cookie.Hotlog : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Administrator.KMX\Application Data\Mozilla\Profiles\default\na62wt1t.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.153:C:\Documents and Settings\Administrator.KMX\Application Data\Mozilla\Profiles\default\na62wt1t.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
-> : Error during cleaning
:mozilla.192:C:\Documents and Settings\Administrator.KMX\Application Data\Mozilla\Profiles\default\na62wt1t.slt\cookies.txt -> Spyware.Cookie.Cqcounter : Cleaned with backup
:mozilla.199:C:\Documents and Settings\Administrator.KMX\Application Data\Mozilla\Profiles\default\na62wt1t.slt\cookies.txt -> Spyware.Cookie.Dbbsrv : Cleaned with backup
:mozilla.8:C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla\Profiles\default\na62wt1t.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.11:C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla\Profiles\default\na62wt1t.slt\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.14:C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla\Profiles\default\na62wt1t.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.15:C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla\Profiles\default\na62wt1t.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.24:C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla\Profiles\default\na62wt1t.slt\cookies.txt -> Spyware.Cookie.Adorigin : Cleaned with backup
:mozilla.26:C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla\Profiles\default\na62wt1t.slt\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.27:C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla\Profiles\default\na62wt1t.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.29:C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla\Profiles\default\na62wt1t.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.30:C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla\Profiles\default\na62wt1t.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.31:C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla\Profiles\default\na62wt1t.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.32:C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla\Profiles\default\na62wt1t.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.33:C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla\Profiles\default\na62wt1t.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.39:C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla\Profiles\default\na62wt1t.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.42:C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla\Profiles\default\na62wt1t.slt\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.43:C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla\Profiles\default\na62wt1t.slt\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.44:C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla\Profiles\default\na62wt1t.slt\cookies.txt -> Spyware.Cookie.Trafic : Cleaned with backup
:mozilla.69:C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla\Profiles\default\na62wt1t.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
-> : Error during cleaning
:mozilla.96:C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla\Profiles\default\na62wt1t.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.97:C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla\Profiles\default\na62wt1t.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.98:C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla\Profiles\default\na62wt1t.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.99:C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla\Profiles\default\na62wt1t.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.100:C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla\Profiles\default\na62wt1t.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.118:C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla\Profiles\default\na62wt1t.slt\cookies.txt -> Spyware.Cookie.Specificpop : Cleaned with backup
:mozilla.120:C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla\Profiles\default\na62wt1t.slt\cookies.txt -> Spyware.Cookie.Specificpop : Cleaned with backup
:mozilla.149:C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla\Profiles\default\na62wt1t.slt\cookies.txt -> Spyware.Cookie.Hotlog : Cleaned with backup
:mozilla.152:C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla\Profiles\default\na62wt1t.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.153:C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla\Profiles\default\na62wt1t.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.171:C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla\Profiles\default\na62wt1t.slt\cookies.txt -> Spyware.Cookie.Spylog : Cleaned with backup
:mozilla.192:C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla\Profiles\default\na62wt1t.slt\cookies.txt -> Spyware.Cookie.Cqcounter : Cleaned with backup
:mozilla.199:C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla\Profiles\default\na62wt1t.slt\cookies.txt -> Spyware.Cookie.Dbbsrv : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\default\6bi8oqm7.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\default\6bi8oqm7.slt\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\default\6bi8oqm7.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\default\6bi8oqm7.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\default\6bi8oqm7.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Guest\Application Data\Mozilla\Profiles\default\6bi8oqm7.slt\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\HJT\backups\backup-20050918-142301-387.dll -> Spyware.Comet : Cleaned with backup
C:\HJT\backups\backup-20050918-142302-535.dll -> Not-A-Virus.PornWare.PopCap.b : Cleaned with backup


::Report End

Edited by Alpha_Blue, 12 January 2006 - 03:11 AM.




#2 Mat2

Malware Fighter

Posted 20 January 2006 - 06:13 PM

Welcome to the forum. I am checking your log now and will return as soon as I have researched all the items.

While we are working together, please ....
  • Reply to this thread. Do not start a new topic.
  • If you are unsure of what to do, stop and ask! Don't keep going on.
  • Be patient. HijackThis logs take some time to research.
Please note the following:
  • I will be working on your malware issues. This may or may not solve other issues you may have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine is clear. (Absence of symptoms does not mean that everything is clear.)
  • The process may take considerable time.

Mat2




#3 Mat2


Posted 20 January 2006 - 06:24 PM

Hi

Can you do the following:

Download CCleaner from here to clean temp files from your computer.
  • Double click on the file to start the installation of the program.
  • Select your language and click OK, then next.
  • Read the license agreement and click I Agree.
  • Click next to use the default install location. Click Install then finish to complete installation.
  • Double click the CCleaner shortcut on the desktop to start the program.
  • On the "Windows" tab, under "Internet Explorer," uncheck "Cookies" if you do not want them deleted. (If deleted, you will likely need to reenter your passwords at all sites where a cookie is used to recognize you when you visit.)
  • If you use either the Firefox or Mozilla browsers, the box to uncheck for "Cookies" is on the Applications tab, under Firefox/Mozilla.
  • Click Run Cleaner to run the program.
  • Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry as it has been known to find legitimate items.
  • After CCleaner has completed its process, click Exit.
Also can you run ewido again as follows
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • NOTE: During some scans with ewido it is finding cases of false positives.**
    • You will need to step through the process of cleaning files one-by-one.
    • If ewido detects a file you KNOW to be legitimate, select none as the action.
    • DO NOT select "Perform action on all infections"
    • If you are unsure of any entry found select none for now.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.
Now close ewido security suite.
**(Ewido for example has been flagging parts of AVG Anti-Virus, pcAnywhere and the game "Risk")

Can you post the log from ewido back here? Also, can you let us know how your computer is running? Thanks
Mat2




#4 Mat2


Posted 30 January 2006 - 05:39 AM

Hi

I am contacting you to see if you still require the help, as I have not heard anything from you.

If you do still need help, please can you Copy/Paste a new HJT Log, back here in this thread.


Do Not Start a New Topic


Regards
Mat2




#5 Alpha_Blue


Posted 31 January 2006 - 01:18 AM

Sorry about that Matt, it turns out I was able to fix it and I totally forgot about this - I am fine now and the O15's are back to normal.

I have CCleaner and I run it regularly, and I ran ewido also, and I'm fine.

Thanks for the help though, sorry to make you wait so long, and feel free to close this topic 'cause I no longer need help.

#6 Mat2


Posted 31 January 2006 - 04:24 AM

Since your problem appears to be resolved, this thread will now be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
Mat2






