My Hijack This log: Referred by GRAPH

Started by Geowil, March 31, 2006, 01:08:55 AM


Geowil

Logfile of HijackThis v1.99.1
Scan saved at 6:13:57 PM, on 3/30/2006
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\WINDOWS\System32\ZoneLabs\vsmon.exe
D:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\Documents and Settings\Geowil\Desktop\HijackThis.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [CTSysVol] D:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTRegRun] D:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [KAVPersonal50] "D:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [OESpamTest] D:\PROGRA~1\KASPER~1\KASPER~1\KASPER~3\OESpamTest.ExE
O4 - HKLM\..\Run: [Zone Labs Client] D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [YCentral] d:\progra~1\yahoo!\YCentral\YahooCentral.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Creative MediaSource Go] D:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe /SCB
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager]  -quiet
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = D:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Hacker\KAVPF.exe
O8 - Extra context menu item: &Yahoo! Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///D:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143689669963
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143684828244
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - D:\PROGRA~1\CACHEM~1\CachemanXP.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: kavsvc - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: MySQL5 - Unknown owner - D:\Program.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe

http://www.landzdown.com/index.php?topic=6447.0


Geowil

Also my ewido log report, mostly (if not all) tracking cookies.


---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on:         6:26:06 PM, 3/30/2006
+ Report-Checksum:      408B129F

+ Scan result:

   :mozilla.9:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bwwp1ngg.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned without backup
   :mozilla.10:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bwwp1ngg.default\cookies.txt -> TrackingCookie.Spylog : Cleaned without backup
   :mozilla.15:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bwwp1ngg.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned without backup
   :mozilla.19:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bwwp1ngg.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned without backup
   :mozilla.20:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bwwp1ngg.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned without backup
   :mozilla.21:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bwwp1ngg.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned without backup
   :mozilla.23:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bwwp1ngg.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned without backup
   :mozilla.24:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bwwp1ngg.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned without backup
   :mozilla.25:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bwwp1ngg.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned without backup
   :mozilla.32:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bwwp1ngg.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned without backup
   :mozilla.43:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bwwp1ngg.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned without backup
   :mozilla.44:D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bwwp1ngg.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned without backup
   :mozilla.7:D:\Documents and Settings\Geowil\Application Data\Mozilla\Firefox\Profiles\1lbic76y.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned without backup
   :mozilla.8:D:\Documents and Settings\Geowil\Application Data\Mozilla\Firefox\Profiles\1lbic76y.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned without backup
   :mozilla.9:D:\Documents and Settings\Geowil\Application Data\Mozilla\Firefox\Profiles\1lbic76y.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned without backup
   :mozilla.10:D:\Documents and Settings\Geowil\Application Data\Mozilla\Firefox\Profiles\1lbic76y.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned without backup
   :mozilla.11:D:\Documents and Settings\Geowil\Application Data\Mozilla\Firefox\Profiles\1lbic76y.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned without backup
   :mozilla.12:D:\Documents and Settings\Geowil\Application Data\Mozilla\Firefox\Profiles\1lbic76y.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned without backup
   :mozilla.13:D:\Documents and Settings\Geowil\Application Data\Mozilla\Firefox\Profiles\1lbic76y.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned without backup
   :mozilla.14:D:\Documents and Settings\Geowil\Application Data\Mozilla\Firefox\Profiles\1lbic76y.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned without backup
   :mozilla.15:D:\Documents and Settings\Geowil\Application Data\Mozilla\Firefox\Profiles\1lbic76y.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned without backup
   :mozilla.16:D:\Documents and Settings\Geowil\Application Data\Mozilla\Firefox\Profiles\1lbic76y.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned without backup
   :mozilla.17:D:\Documents and Settings\Geowil\Application Data\Mozilla\Firefox\Profiles\1lbic76y.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned without backup
   :mozilla.18:D:\Documents and Settings\Geowil\Application Data\Mozilla\Firefox\Profiles\1lbic76y.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned without backup
   :mozilla.19:D:\Documents and Settings\Geowil\Application Data\Mozilla\Firefox\Profiles\1lbic76y.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned without backup
   :mozilla.20:D:\Documents and Settings\Geowil\Application Data\Mozilla\Firefox\Profiles\1lbic76y.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned without backup
   :mozilla.21:D:\Documents and Settings\Geowil\Application Data\Mozilla\Firefox\Profiles\1lbic76y.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned without backup
   :mozilla.29:D:\Documents and Settings\Geowil\Application Data\Mozilla\Firefox\Profiles\1lbic76y.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned without backup
   :mozilla.36:D:\Documents and Settings\Geowil\Application Data\Mozilla\Firefox\Profiles\1lbic76y.default\cookies.txt -> TrackingCookie.Trafic : Cleaned without backup
   :mozilla.37:D:\Documents and Settings\Geowil\Application Data\Mozilla\Firefox\Profiles\1lbic76y.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned without backup
   :mozilla.38:D:\Documents and Settings\Geowil\Application Data\Mozilla\Firefox\Profiles\1lbic76y.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned without backup
   :mozilla.39:D:\Documents and Settings\Geowil\Application Data\Mozilla\Firefox\Profiles\1lbic76y.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned without backup
   :mozilla.40:D:\Documents and Settings\Geowil\Application Data\Mozilla\Firefox\Profiles\1lbic76y.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned without backup
   :mozilla.41:D:\Documents and Settings\Geowil\Application Data\Mozilla\Firefox\Profiles\1lbic76y.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned without backup
   :mozilla.59:D:\Documents and Settings\Geowil\Application Data\Mozilla\Firefox\Profiles\1lbic76y.default\cookies.txt -> TrackingCookie.Overture : Cleaned without backup
   :mozilla.60:D:\Documents and Settings\Geowil\Application Data\Mozilla\Firefox\Profiles\1lbic76y.default\cookies.txt -> TrackingCookie.Overture : Cleaned without backup
   :mozilla.66:D:\Documents and Settings\Geowil\Application Data\Mozilla\Firefox\Profiles\1lbic76y.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned without backup
   :mozilla.67:D:\Documents and Settings\Geowil\Application Data\Mozilla\Firefox\Profiles\1lbic76y.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned without backup
   :mozilla.68:D:\Documents and Settings\Geowil\Application Data\Mozilla\Firefox\Profiles\1lbic76y.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned without backup
   :mozilla.69:D:\Documents and Settings\Geowil\Application Data\Mozilla\Firefox\Profiles\1lbic76y.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned without backup
   :mozilla.70:D:\Documents and Settings\Geowil\Application Data\Mozilla\Firefox\Profiles\1lbic76y.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned without backup
   :mozilla.71:D:\Documents and Settings\Geowil\Application Data\Mozilla\Firefox\Profiles\1lbic76y.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned without backup
   :mozilla.72:D:\Documents and Settings\Geowil\Application Data\Mozilla\Firefox\Profiles\1lbic76y.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned without backup
   :mozilla.73:D:\Documents and Settings\Geowil\Application Data\Mozilla\Firefox\Profiles\1lbic76y.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned without backup
   :mozilla.74:D:\Documents and Settings\Geowil\Application Data\Mozilla\Firefox\Profiles\1lbic76y.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned without backup
   :mozilla.76:D:\Documents and Settings\Geowil\Application Data\Mozilla\Firefox\Profiles\1lbic76y.default\cookies.txt -> TrackingCookie.2o7 : Cleaned without backup
   :mozilla.79:D:\Documents and Settings\Geowil\Application Data\Mozilla\Firefox\Profiles\1lbic76y.default\cookies.txt -> TrackingCookie.2o7 : Cleaned without backup
   :mozilla.80:D:\Documents and Settings\Geowil\Application Data\Mozilla\Firefox\Profiles\1lbic76y.default\cookies.txt -> TrackingCookie.2o7 : Cleaned without backup
   :mozilla.81:D:\Documents and Settings\Geowil\Application Data\Mozilla\Firefox\Profiles\1lbic76y.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned without backup
   :mozilla.82:D:\Documents and Settings\Geowil\Application Data\Mozilla\Firefox\Profiles\1lbic76y.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned without backup
   :mozilla.83:D:\Documents and Settings\Geowil\Application Data\Mozilla\Firefox\Profiles\1lbic76y.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned without backup
   :mozilla.84:D:\Documents and Settings\Geowil\Application Data\Mozilla\Firefox\Profiles\1lbic76y.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned without backup
   :mozilla.104:D:\Documents and Settings\Geowil\Application Data\Mozilla\Firefox\Profiles\1lbic76y.default\cookies.txt -> TrackingCookie.Valuead : Cleaned without backup
   :mozilla.105:D:\Documents and Settings\Geowil\Application Data\Mozilla\Firefox\Profiles\1lbic76y.default\cookies.txt -> TrackingCookie.Valuead : Cleaned without backup
   :mozilla.106:D:\Documents and Settings\Geowil\Application Data\Mozilla\Firefox\Profiles\1lbic76y.default\cookies.txt -> TrackingCookie.Valuead : Cleaned without backup
   :mozilla.107:D:\Documents and Settings\Geowil\Application Data\Mozilla\Firefox\Profiles\1lbic76y.default\cookies.txt -> TrackingCookie.Valuead : Cleaned without backup
   :mozilla.108:D:\Documents and Settings\Geowil\Application Data\Mozilla\Firefox\Profiles\1lbic76y.default\cookies.txt -> TrackingCookie.Valuead : Cleaned without backup
   :mozilla.109:D:\Documents and Settings\Geowil\Application Data\Mozilla\Firefox\Profiles\1lbic76y.default\cookies.txt -> TrackingCookie.Valuead : Cleaned without backup
   :mozilla.115:D:\Documents and Settings\Geowil\Application Data\Mozilla\Firefox\Profiles\1lbic76y.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned without backup
   :mozilla.122:D:\Documents and Settings\Geowil\Application Data\Mozilla\Firefox\Profiles\1lbic76y.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned without backup
   :mozilla.123:D:\Documents and Settings\Geowil\Application Data\Mozilla\Firefox\Profiles\1lbic76y.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned without backup
   :mozilla.124:D:\Documents and Settings\Geowil\Application Data\Mozilla\Firefox\Profiles\1lbic76y.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned without backup
   :mozilla.125:D:\Documents and Settings\Geowil\Application Data\Mozilla\Firefox\Profiles\1lbic76y.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned without backup
   :mozilla.126:D:\Documents and Settings\Geowil\Application Data\Mozilla\Firefox\Profiles\1lbic76y.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned without backup
   :mozilla.127:D:\Documents and Settings\Geowil\Application Data\Mozilla\Firefox\Profiles\1lbic76y.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned without backup
   :mozilla.128:D:\Documents and Settings\Geowil\Application Data\Mozilla\Firefox\Profiles\1lbic76y.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned without backup
   :mozilla.129:D:\Documents and Settings\Geowil\Application Data\Mozilla\Firefox\Profiles\1lbic76y.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned without backup
   :mozilla.136:D:\Documents and Settings\Geowil\Application Data\Mozilla\Firefox\Profiles\1lbic76y.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned without backup
   :mozilla.137:D:\Documents and Settings\Geowil\Application Data\Mozilla\Firefox\Profiles\1lbic76y.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned without backup
   :mozilla.138:D:\Documents and Settings\Geowil\Application Data\Mozilla\Firefox\Profiles\1lbic76y.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned without backup
   :mozilla.143:D:\Documents and Settings\Geowil\Application Data\Mozilla\Firefox\Profiles\1lbic76y.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned without backup
   :mozilla.147:D:\Documents and Settings\Geowil\Application Data\Mozilla\Firefox\Profiles\1lbic76y.default\cookies.txt -> TrackingCookie.Com : Cleaned without backup
   :mozilla.167:D:\Documents and Settings\Geowil\Application Data\Mozilla\Firefox\Profiles\1lbic76y.default\cookies.txt -> TrackingCookie.Overture : Cleaned without backup
   :mozilla.177:D:\Documents and Settings\Geowil\Application Data\Mozilla\Firefox\Profiles\1lbic76y.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned without backup
   :mozilla.183:D:\Documents and Settings\Geowil\Application Data\Mozilla\Firefox\Profiles\1lbic76y.default\cookies.txt -> TrackingCookie.2o7 : Cleaned without backup
   D:\Documents and Settings\Geowil\Cookies\geowil@2o7[2].txt -> TrackingCookie.2o7 : Cleaned without backup
   D:\Documents and Settings\Geowil\Cookies\geowil@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned without backup
   D:\Documents and Settings\Geowil\Cookies\geowil@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned without backup
   D:\Documents and Settings\Geowil\Cookies\geowil@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned without backup
   D:\Documents and Settings\Geowil\Cookies\geowil@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned without backup
   D:\Documents and Settings\Geowil\Cookies\geowil@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned without backup
   D:\Documents and Settings\Geowil\Cookies\geowil@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned without backup
   D:\Documents and Settings\Geowil\Cookies\geowil@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned without backup


::Report End

HJThis

Hello, Geowil & Welcome

HijackThis MUST be moved to a folder of its own where it can save backups.
Right-click on an empty space on your C:\ drive & choose New > Folder
Name it HJT
Right-click HijackThis.exe, choose Cut.
Double-click (to open) the folder you created.
Right-click inside and choose Paste.

The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here: http://www.microsoft.com/windowsxp/downloa...p1/default.mspx
Apply the update, reboot, and post a fresh Hijack This log.

Gogo
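A small triage script for logs in the format posted above, added as an example for this thread; it is not HijackThis code and not something either poster ran. It assumes the v1.99 "Oxx - ..." entry layout shown in the log, and its constructed sample is a handful of those lines copied from the post. It pulls out the items a log reader checks first: entries HijackThis marks "(file missing)", O23 services with an unknown owner, O16 ActiveX controls fetched from a remote URL, and O4 Run entries that carry no executable path.

```python
"""Triage helper for HijackThis v1.99 logs (added example, not HijackThis code)."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a handful of entry lines copied from the log
# posted above, plus the header line, which the parser must ignore.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\UpdReg.EXE
O4 - HKCU\..\Run: [Yahoo! Pager]  -quiet
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143689669963
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: MySQL5 - Unknown owner - D:\Program.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
MISSING = "(file missing)"


@dataclass
class Entry:
    section: str            # "O2", "O4", "O23", ...
    body: str               # text after "Oxx - "
    file_missing: bool      # HijackThis could not find the referenced file
    target: Optional[str]   # path, command line or URL the entry points at


def _command_path(cmd: str) -> str:
    """Return the executable from a Run command line, unquoting a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd


def _target_of(section: str, body: str) -> Optional[str]:
    if section == "O4":
        # O4 - HKLM\..\Run: [Name] <command line>
        m = re.search(r"\]\s*(.*)$", body)
        return _command_path(m.group(1)) if m else None
    # Most other sections end with " - <path or URL>".
    if " - " in body:
        return body.rsplit(" - ", 1)[-1].strip().strip('"')
    return None


def parse_hjt(text: str) -> List[Entry]:
    """Parse every 'Oxx - ...' line; header and process-list lines are skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        missing = body.endswith(MISSING)
        core = body[: -len(MISSING)].strip() if missing else body
        entries.append(Entry(section, body, missing, _target_of(section, core)))
    return entries


def count_by_section(entries: List[Entry]) -> Dict[str, int]:
    return dict(Counter(e.section for e in entries))


def triage(entries: List[Entry]) -> Dict[str, List[Entry]]:
    """Group the entries a reviewer looks at first; the rest is left for manual reading."""
    findings: Dict[str, List[Entry]] = {
        "file_missing": [], "unknown_owner": [], "remote_dpf": [], "run_without_path": []}
    for e in entries:
        if e.file_missing:
            findings["file_missing"].append(e)
        if e.section == "O23" and "Unknown owner" in e.body:
            findings["unknown_owner"].append(e)
        if e.section == "O16" and e.target and e.target.lower().startswith(("http://", "https://")):
            findings["remote_dpf"].append(e)
        if e.section == "O4" and (not e.target or "\\" not in e.target):
            findings["run_without_path"].append(e)
    return findings


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print("entries per section:", count_by_section(parsed))
    for label, hits in triage(parsed).items():
        for e in hits:
            print(f"[{label}] {e.section} - {e.body}")
```

The grouping is deliberately conservative: it only surfaces entries for a human to read, it does not decide what to fix, and an item in a bucket (the Microsoft Update control in `remote_dpf`, for instance) is frequently legitimate. Run it on a full log by passing the file contents to `parse_hjt` instead of `SAMPLE_LOG`.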