Desktop and IE Settings Changed by Hijacker



#31
ThaWacky (Topic Starter)

don77,

Here is my Spy Sweeper Log:

********
7:11 PM: |··· Start of Session, Saturday, August 06, 2005 ···|
7:11 PM: Spy Sweeper started
7:11 PM: Sweep initiated using definitions version 511
7:11 PM: Starting Memory Sweep
7:13 PM: Memory Sweep Complete, Elapsed Time: 00:01:21
7:13 PM: Starting Registry Sweep
7:13 PM: Found Adware: cws_analyzeie
7:13 PM: HKCR\clsid\{60d75c7f-d119-4a89-b3b3-d8aa07ef3300}\ (ID = 116873)
7:13 PM: HKLM\software\classes\clsid\{60d75c7f-d119-4a89-b3b3-d8aa07ef3300}\ (ID = 116895)
7:13 PM: Found Adware: hiwire
7:13 PM: HKCR\typelib\{f5ee52d3-2ecc-409e-a92f-a73f2b8dd407}\ (9 subtraces) (ID = 127166)
7:13 PM: Found Adware: internet washer dependency
7:13 PM: HKCR\.te\ (ID = 128872)
7:13 PM: Found Adware: psguard desktop hijacker
7:13 PM: HKLM\software\microsoft\windows\currentversion\uninstall\internet update\ (3 subtraces) (ID = 136964)
7:13 PM: HKLM\software\psguard.com\ (6 subtraces) (ID = 136965)
7:13 PM: Found Adware: psguard
7:13 PM: HKLM\software\microsoft\windows\currentversion\uninstall\psguard\ || displayname (ID = 136972)
7:13 PM: HKLM\software\microsoft\windows\currentversion\uninstall\psguard\ || uninstallstring (ID = 136973)
7:13 PM: HKLM\software\microsoft\windows\currentversion\uninstall\psguard\ (2 subtraces) (ID = 136975)
7:13 PM: HKLM\software\pguard.com\ (14 subtraces) (ID = 136976)
7:13 PM: Registry Sweep Complete, Elapsed Time:00:00:11
7:13 PM: Starting Cookie Sweep
7:13 PM: Found Spy Cookie: yieldmanager cookie
7:13 PM: the dee@ad.yieldmanager[2].txt (ID = 3751)
7:13 PM: Found Spy Cookie: adknowledge cookie
7:13 PM: the dee@adknowledge[1].txt (ID = 2072)
7:13 PM: Found Spy Cookie: cc214142 cookie
7:13 PM: the dee@ads.cc214142[1].txt (ID = 2367)
7:13 PM: Found Spy Cookie: atwola cookie
7:13 PM: the dee@atwola[1].txt (ID = 2255)
7:13 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
7:13 PM: Starting File Sweep
7:18 PM: File Sweep Complete, Elapsed Time: 00:05:07
7:18 PM: Full Sweep has completed. Elapsed time 00:06:44
7:18 PM: Traces Found: 48
7:19 PM: Removal process initiated
7:19 PM: Quarantining All Traces: cws_analyzeie
7:19 PM: Quarantining All Traces: hiwire
7:19 PM: Quarantining All Traces: internet washer dependency
7:19 PM: Quarantining All Traces: psguard desktop hijacker
7:19 PM: Quarantining All Traces: psguard
7:19 PM: Quarantining All Traces: yieldmanager cookie
7:19 PM: Quarantining All Traces: adknowledge cookie
7:19 PM: Quarantining All Traces: cc214142 cookie
7:19 PM: Quarantining All Traces: atwola cookie
7:19 PM: Removal process completed. Elapsed time 00:00:15
********
7:07 PM: |··· Start of Session, Saturday, August 06, 2005 ···|
7:07 PM: Spy Sweeper started


#32
don77 (Malware Expert, Retired Staff)

That cleaned up a lot of garbage!!
Let's just have a look at a fresh HJT log.
How is the machine running now?

#33
ThaWacky (Topic Starter)

Hey don77,

I swear I posted this yesterday, but when I looked it wasn't up.

Yes, it did take out a lot of junk. I really appreciate you working so hard with me on getting my machine back in order. It runs a lot better and I am learning a lot from this experience.

HIJACKTHIS LOG:

Logfile of HijackThis v1.99.1
Scan saved at 11:38:15 PM, on 8/7/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Documents and Settings\The Dee\Desktop\HijackThis.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#34
don77 (Malware Expert, Retired Staff)

You seem to be missing quite a few of your startups. Did you disable them through Msconfig?