Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

hijack log here [CLOSED]

Started by inite , Oct 07 2005 04:55 AM

  • This topic is locked This topic is locked

#1
inite
Posted 07 October 2005 - 04:55 AM

inite

    Member

  • Member
  • PipPipPip
  • 409 posts

Logfile of HijackThis v1.99.1
Scan saved at 6:55:00 PM, on 10/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Program Files\Winamp\winampa.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\mIRC\mirc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\wzqkpick.exe
C:\Documents and Settings\Inite\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: FCBHOBHO Class - {8B3868B4-EBA8-48FA-A19B-E1DFB99066FA} - D:\Program Files\FlashCapture\fcbho.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Zone Labs Client] D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Save F&lash with FlashCapture - res://D:\Program Files\FlashCapture\fciext.dll/FCIEXT.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: FlashCapture - {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - D:\Program Files\FlashCapture\fciext.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1117052785713
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Is it safe?

Btw, any one know if i can remove this program, cos i was using a trial version, now expired but i cant uninstall nor add/remove

O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe

Edited by inite, 07 October 2005 - 04:57 AM.

  • 0

Advertisements

#2
inite
Posted 07 October 2005 - 10:39 AM

inite

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 409 posts
up
  • 0

#3
inite
Posted 07 October 2005 - 07:44 PM

inite

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 409 posts
hmm?
  • 0

#4
inite
Posted 08 October 2005 - 01:09 AM

inite

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 409 posts
lots of virus?
  • 0

#5
inite
Posted 12 October 2005 - 05:19 AM

inite

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 409 posts
anyone? =/
  • 0

#6
inite
Posted 15 October 2005 - 01:09 PM

inite

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 409 posts
hmm?
  • 0

#7
John_L
Posted 15 October 2005 - 02:13 PM

John_L

    Visiting Staff

  • Member
  • PipPipPipPip
  • 1,398 posts
Hello Inite :tazz:

Sorry busy place sometimes it takes awhile to get to logs.

Since it's been a few days can you please post a new hijack log.
  • 0

#8
inite
Posted 16 October 2005 - 11:06 AM

inite

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 409 posts
Hi,

Ok np. Understood, thats y i was trying to catch attention =p

Heres the new log:

Logfile of HijackThis v1.99.1
Scan saved at 1:05:49 AM, on 10/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Diablo II\Diablo II.exe
C:\Documents and Settings\Inite\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: FCBHOBHO Class - {8B3868B4-EBA8-48FA-A19B-E1DFB99066FA} - D:\Program Files\FlashCapture\fcbho.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Zone Labs Client] D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Save F&lash with FlashCapture - res://D:\Program Files\FlashCapture\fciext.dll/FCIEXT.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: FlashCapture - {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - D:\Program Files\FlashCapture\fciext.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {4029B52D-5935-46B6-94F2-AB702CBE6646} (CAddressBook Object) - http://www.fillmyclo...AddressBook.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1117052785713
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


  • 0

#9
John_L
Posted 16 October 2005 - 11:16 AM

John_L

    Visiting Staff

  • Member
  • PipPipPipPip
  • 1,398 posts
Hello Inite :)

No problems there that i can see, Congrats you are clean :tazz:
  • 0

#10
inite
Posted 17 October 2005 - 10:57 AM

inite

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 409 posts
wow ? lol, i've alot of pop-ups telling me theres a virus here and there and that it has cleaned it, so i thought i should have alot more lying around.

but its good to know that im clean =)
  • 0

#11
John_L
Posted 17 October 2005 - 06:29 PM

John_L

    Visiting Staff

  • Member
  • PipPipPipPip
  • 1,398 posts
Hi Inite :tazz:

Ok what i can see in that log there is nothing there to remove. But if you say there is then there is. So first things first, do you have anything disabled in msconfig? If you do re-enable them.

Secondly, lets run a tool and i will see exactly if anything there is.

Please download ewido security suite it is a free version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display ("Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido security suite.

When this is finished show me a new hijack log and the ewido results please. :)
  • 0

#12
inite
Posted 19 October 2005 - 01:07 AM

inite

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 409 posts
Heres the ewido report :

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 3:04:44 PM, 10/19/2005
+ Report-Checksum: 12D82295

+ Scan result:

C:\Documents and Settings\Inite\Cookies\inite@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Inite\Cookies\[email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Inite\Cookies\[email protected][2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Inite\Cookies\inite@adtech[2].txt -> Spyware.Cookie.Adtech : Cleaned with backup
C:\Documents and Settings\Inite\Cookies\[email protected][2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Inite\Cookies\inite@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Inite\Cookies\inite@bluestreak[2].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Inite\Cookies\inite@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Inite\Cookies\inite@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\Inite\Cookies\[email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Inite\Cookies\inite@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Inite\Cookies\inite@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Inite\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Inite\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Inite\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Inite\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Inite\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Inite\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Inite\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Inite\Cookies\[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Inite\Cookies\inite@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Inite\Cookies\inite@hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Inite\Cookies\[email protected][1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Inite\Cookies\inite@mediaplex[2].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Inite\Cookies\inite@paypopup[2].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Inite\Cookies\[email protected][2].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Inite\Cookies\inite@statcounter[1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Inite\Cookies\[email protected][1].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Inite\Cookies\inite@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Inite\Cookies\[email protected][2].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Inite\Cookies\inite@xxxcounter[1].txt -> Spyware.Cookie.Xxxcounter : Cleaned with backup
C:\Documents and Settings\Inite\Local Settings\Temporary Internet Files\Content.IE5\V95KK3A3\mm[2].js -> Spyware.Chitika : Cleaned with backup
:mozilla.56:C:\Documents and Settings\User X\Application Data\Mozilla\Firefox\Profiles\m6z8nh3s.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.76:C:\Documents and Settings\User X\Application Data\Mozilla\Firefox\Profiles\m6z8nh3s.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.77:C:\Documents and Settings\User X\Application Data\Mozilla\Firefox\Profiles\m6z8nh3s.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.86:C:\Documents and Settings\User X\Application Data\Mozilla\Firefox\Profiles\m6z8nh3s.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.94:C:\Documents and Settings\User X\Application Data\Mozilla\Firefox\Profiles\m6z8nh3s.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.101:C:\Documents and Settings\User X\Application Data\Mozilla\Firefox\Profiles\m6z8nh3s.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.102:C:\Documents and Settings\User X\Application Data\Mozilla\Firefox\Profiles\m6z8nh3s.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.103:C:\Documents and Settings\User X\Application Data\Mozilla\Firefox\Profiles\m6z8nh3s.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.104:C:\Documents and Settings\User X\Application Data\Mozilla\Firefox\Profiles\m6z8nh3s.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.105:C:\Documents and Settings\User X\Application Data\Mozilla\Firefox\Profiles\m6z8nh3s.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.122:C:\Documents and Settings\User X\Application Data\Mozilla\Firefox\Profiles\m6z8nh3s.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.125:C:\Documents and Settings\User X\Application Data\Mozilla\Firefox\Profiles\m6z8nh3s.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.136:C:\Documents and Settings\User X\Application Data\Mozilla\Firefox\Profiles\m6z8nh3s.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.137:C:\Documents and Settings\User X\Application Data\Mozilla\Firefox\Profiles\m6z8nh3s.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.159:C:\Documents and Settings\User X\Application Data\Mozilla\Firefox\Profiles\m6z8nh3s.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.160:C:\Documents and Settings\User X\Application Data\Mozilla\Firefox\Profiles\m6z8nh3s.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.161:C:\Documents and Settings\User X\Application Data\Mozilla\Firefox\Profiles\m6z8nh3s.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.162:C:\Documents and Settings\User X\Application Data\Mozilla\Firefox\Profiles\m6z8nh3s.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.169:C:\Documents and Settings\User X\Application Data\Mozilla\Firefox\Profiles\m6z8nh3s.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.170:C:\Documents and Settings\User X\Application Data\Mozilla\Firefox\Profiles\m6z8nh3s.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.195:C:\Documents and Settings\User X\Application Data\Mozilla\Firefox\Profiles\m6z8nh3s.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.208:C:\Documents and Settings\User X\Application Data\Mozilla\Firefox\Profiles\m6z8nh3s.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.209:C:\Documents and Settings\User X\Application Data\Mozilla\Firefox\Profiles\m6z8nh3s.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.210:C:\Documents and Settings\User X\Application Data\Mozilla\Firefox\Profiles\m6z8nh3s.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.211:C:\Documents and Settings\User X\Application Data\Mozilla\Firefox\Profiles\m6z8nh3s.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.212:C:\Documents and Settings\User X\Application Data\Mozilla\Firefox\Profiles\m6z8nh3s.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.213:C:\Documents and Settings\User X\Application Data\Mozilla\Firefox\Profiles\m6z8nh3s.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.214:C:\Documents and Settings\User X\Application Data\Mozilla\Firefox\Profiles\m6z8nh3s.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.215:C:\Documents and Settings\User X\Application Data\Mozilla\Firefox\Profiles\m6z8nh3s.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.216:C:\Documents and Settings\User X\Application Data\Mozilla\Firefox\Profiles\m6z8nh3s.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.217:C:\Documents and Settings\User X\Application Data\Mozilla\Firefox\Profiles\m6z8nh3s.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.218:C:\Documents and Settings\User X\Application Data\Mozilla\Firefox\Profiles\m6z8nh3s.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.219:C:\Documents and Settings\User X\Application Data\Mozilla\Firefox\Profiles\m6z8nh3s.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.258:C:\Documents and Settings\User X\Application Data\Mozilla\Firefox\Profiles\m6z8nh3s.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.259:C:\Documents and Settings\User X\Application Data\Mozilla\Firefox\Profiles\m6z8nh3s.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.260:C:\Documents and Settings\User X\Application Data\Mozilla\Firefox\Profiles\m6z8nh3s.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.261:C:\Documents and Settings\User X\Application Data\Mozilla\Firefox\Profiles\m6z8nh3s.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.267:C:\Documents and Settings\User X\Application Data\Mozilla\Firefox\Profiles\m6z8nh3s.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.268:C:\Documents and Settings\User X\Application Data\Mozilla\Firefox\Profiles\m6z8nh3s.default\cookies.txt -> Spyware.Cookie.Trafic : Cleaned with backup
:mozilla.284:C:\Documents and Settings\User X\Application Data\Mozilla\Firefox\Profiles\m6z8nh3s.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.286:C:\Documents and Settings\User X\Application Data\Mozilla\Firefox\Profiles\m6z8nh3s.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug : Cleaned with backup
C:\WINDOWS\system32\ClientAX.dl$ -> Spyware.180Solutions : Cleaned with backup
D:\backups\backup-20050114-084237-477.dll -> Spyware.MyWay : Cleaned with backup
D:\backups\backup-20050114-084237-819.dll -> Spyware.Neon : Cleaned with backup
D:\backups\backup-20050114-084237-948.dll -> TrojanDownloader.WebP2PInstaller : Cleaned with backup
D:\System Volume Information\_restore{696249D7-4F85-4DE6-8D3F-723C5421573A}\RP60\A0005922.exe -> Backdoor.IRC.Smev.a : Cleaned with backup


::Report End


Heres hijack's report :

Logfile of HijackThis v1.99.1
Scan saved at 3:06:28 PM, on 10/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Documents and Settings\Inite\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: FCBHOBHO Class - {8B3868B4-EBA8-48FA-A19B-E1DFB99066FA} - D:\Program Files\FlashCapture\fcbho.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Zone Labs Client] D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Save F&lash with FlashCapture - res://D:\Program Files\FlashCapture\fciext.dll/FCIEXT.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: FlashCapture - {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - D:\Program Files\FlashCapture\fciext.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {4029B52D-5935-46B6-94F2-AB702CBE6646} (CAddressBook Object) - http://www.fillmyclo...AddressBook.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1117052785713
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Does 79 infected files sounds bad or are they mainly safe?
  • 0

#13
John_L
Posted 19 October 2005 - 05:41 PM

John_L

    Visiting Staff

  • Member
  • PipPipPipPip
  • 1,398 posts
Hello again :)

Nope that log looks a lot worse than it actually is :tazz: most of it was cookies. So tell me did that clear any of your problems up or no? If not then please post a new log and we can bash on.
  • 0

#14
John_L
Posted 26 October 2005 - 06:23 AM

John_L

    Visiting Staff

  • Member
  • PipPipPipPip
  • 1,398 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP