My Hijack this log...

#1 jbritz22 (Newbie), 13-11-2005, 10:09 AM

My computer has been acting very slow, and I have been seeing strange files popping up all over the place. Here's my HijackThis log:

First, here's an error I got when I was running HijackThis. I got like three to five of these errors in a row:

An unexpected error has occurred at procedure: modMain_CheckOther1Item()
Error #5 - Invalid procedure call or argument

Please email me at merijn@spywareinfo.com, reporting the following:
* What you were trying to fix when the error occurred, if applicable
* How you can reproduce the error
* A complete HijackThis scan log, if possible

Windows version: Windows NT 5.01.2600
MSIE version: 6.0.2800.1106
HijackThis version: 1.99.1

This message has been copied to your clipboard.
Click OK to continue the rest of the scan.



Here's my log:

Logfile of HijackThis v1.99.1
Scan saved at 3:04:33 AM, on 13/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Winamp\Winamp.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\PROGRA~1\MOZILL~1\firefox.exe
C:\Program Files\HijackThis!\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet3_88.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [autoupdatev2] C:\WINDOWS\System32\autoupdatev2.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2EE0812-B274-4969-8EAC-D2597AC4E5D9}: NameServer = 192.168.1.1,192.168.1.2
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Unknown owner - C:\Program Files\Digidesign\Drivers\MMERefresh.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
#2 VopThis (Senior Member, Canada), 13-11-2005, 04:14 PM

Quote:
Please email me at merijn@spywareinfo.com
That is a message from the developer of HijackThis. Such feedback enables him to improve and fix any operating issues.



While you are having these problems I would suggest the following:

Disable/stop running or uninstall (Add/Remove in Control Panel):
MESSENGERPLUS3
LimeWire.exe


If you installed Messengerplus3 with sponsors it would be a good idea to remove and re-install without sponsors.



Let's do some initial cleaning of the HJT log.


SELECT HijackThis FIX ITEMS: Scan with HijackThis and place a check next to these items:

O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet3_88.dll (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll (file missing)
O4 - HKCU\..\Run: [AUTOUPDATEV2] C:\WINDOWS\System32\autoupdatev2.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Unknown owner - C:\Program Files\Digidesign\Drivers\MMERefresh.exe (file missing)
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)


Make sure that all browser windows and internet links are closed, even this one!
CLICK ’FIX CHECKED’ with HijackThis.



HIDDEN FILES: To make sure you can see all hidden files, please follow the directions here

SAFEMODE: Boot into safe mode by tapping the F8 key at restart and choosing 'safe mode' menu option (explained here if needed).



Delete TEMPORARY FILES: Now, hunt down the most common temporary file locations and the temporary file clutter contained therein (and possible malware hiding places):

Go to Start > Run and type: CLEANMGR.EXE and hit enter.
When prompted select the C: drive and click ok.
Check the boxes for:
  • Temporary Internet Files
  • Downloaded Program Files
  • Recycle Bin
  • Temporary Files
Click OK or Enter



Navigate to these files or folders using Windows Explorer (OR Start -> Search) and delete (if present):


DELETE FILES:
C:\WINDOWS\System32\autoupdatev2.exe



You appear to have selectively disabled some running items in MSCONFIG. Please re-enable all such items so that we can deal with any items of concern.

REBOOT.
Run the following anti-virus/malware tools:

Get the stinger here:
http://vil.nai.com/vil/stinger/

Download it to another computer if need be, and bring it to the affected computer on floppy disk.

It will kill the top 40 virus files if any are found there.


Then,
Please use Internet Explorer and go to the Ewido Online Malware Scan:
http://www.ewido.net/en/onlinescan
--Active X must be allowed for this scan to work
  • Click the yellow Start button in the lower left of the page
  • Click yes when prompted to download the Ewido Software
  • Once installed click Start Scan
  • After the scan is finished Please click Save Report, save the log and post it for us in your next reply.
  • Make sure all bad files/entries are checked and click Remove Infections
Post a log from the Ewido scan.




POST A REVISED HIJACKTHIS LOG for review:
Reboot and post a new HijackThis log with any feedback as appropriate - how things are now behaving: any new or remaining apparent issues.
__________________
Vincent P

MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis LOG __V2.0.2 _|


__
ASAP: promoting a high standard and quality of security support no matter where you seek help.

Quote:
SAFER SURFING TOOLS (IE/FF **FREE** browser addons):
Linkscanner + WOT (Web of Trust) + SiteAdvisor (suggest at least two but not necessarily all)
Quote:
Tell me and I forget; show me and I remember; involve me and I understand.
There are no foolish questions, the only thing foolish is not asking if you're unsure of something.
Never ASSUME any detail because it can make an ASS out of U and ME... (ASS/U/ME ).
#3 jbritz22 (Newbie), 14-11-2005, 12:24 AM

Here's the ewido logfile:

__________________________________________________
ewido security suite online scanner
http://www.ewido.net
__________________________________________________


Name: Spyware.Cookie.2o7
Path: C:\Documents and Settings\Jeremy\Cookies\jeremy@2o7[1].txt
Risk: Medium

Name: Spyware.Cookie.Doubleclick
Path: C:\Documents and Settings\Jeremy\Cookies\jeremy@doubleclick[1].txt
Risk: Medium

Name: Spyware.Cookie.Xxxtoolbar
Path: C:\Documents and Settings\Jeremy\Cookies\jeremy@xxxtoolbar[1].txt
Risk: Medium

Name: Spyware.Cookie.Atdmt
Path: :mozilla.15:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium

Name: Spyware.Cookie.Casalemedia
Path: :mozilla.16:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium

Name: Spyware.Cookie.Casalemedia
Path: :mozilla.19:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium

Name: Spyware.Cookie.Casalemedia
Path: :mozilla.20:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium

Name: Spyware.Cookie.Casalemedia
Path: :mozilla.21:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium

Name: Spyware.Cookie.Casalemedia
Path: :mozilla.22:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium

Name: Spyware.Cookie.Casalemedia
Path: :mozilla.23:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium

Name: Spyware.Cookie.Casalemedia
Path: :mozilla.24:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium

Name: Spyware.Cookie.Casalemedia
Path: :mozilla.25:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium

Name: Spyware.Cookie.Casalemedia
Path: :mozilla.26:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium

Name: Spyware.Cookie.Casalemedia
Path: :mozilla.27:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium

Name: Spyware.Cookie.Fastclick
Path: :mozilla.28:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium

Name: Spyware.Cookie.Fastclick
Path: :mozilla.29:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium

Name: Spyware.Cookie.Fastclick
Path: :mozilla.30:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium

Name: Spyware.Cookie.Fastclick
Path: :mozilla.31:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium

Name: Spyware.Cookie.Advertising
Path: :mozilla.32:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium

Name: Spyware.Cookie.Advertising
Path: :mozilla.33:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium

Name: Spyware.Cookie.Advertising
Path: :mozilla.34:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium

Name: Spyware.Cookie.Advertising
Path: :mozilla.35:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium

Name: Spyware.Cookie.Advertising
Path: :mozilla.37:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium

Name: Spyware.Cookie.Advertising
Path: :mozilla.38:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium

Name: Spyware.Cookie.Doubleclick
Path: :mozilla.42:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium

Name: Spyware.Cookie.Yieldmanager
Path: :mozilla.50:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium

Name: Spyware.Cookie.Yieldmanager
Path: :mozilla.51:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium

Name: Spyware.Cookie.Yieldmanager
Path: :mozilla.52:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium

Name: Spyware.Cookie.Yieldmanager
Path: :mozilla.53:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium

Name: Spyware.Cookie.Yieldmanager
Path: :mozilla.56:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium

Name: Spyware.Cookie.Yieldmanager
Path: :mozilla.63:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium

Name: Spyware.Cookie.Tribalfusion
Path: :mozilla.69:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium

Name: Spyware.Cookie.Tribalfusion
Path: :mozilla.70:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium

Name: Spyware.Cookie.Tribalfusion
Path: :mozilla.71:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium

Name: Spyware.Cookie.Tribalfusion
Path: :mozilla.72:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium

Name: Spyware.Cookie.Burstnet
Path: :mozilla.78:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium

Name: Spyware.Cookie.Burstnet
Path: :mozilla.79:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium

Name: Spyware.Cookie.Com
Path: :mozilla.93:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium

Name: Spyware.Cookie.Com
Path: :mozilla.94:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium

Name: Spyware.Cookie.Targetnet
Path: :mozilla.96:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium

Name: Spyware.Cookie.Targetnet
Path: :mozilla.97:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium

Name: Spyware.Cookie.Targetnet
Path: :mozilla.98:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium

Name: Spyware.Cookie.Pointroll
Path: :mozilla.101:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium

Name: Spyware.Cookie.Pointroll
Path: :mozilla.102:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium

Name: Spyware.Cookie.Pointroll
Path: :mozilla.103:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium

Name: Spyware.Cookie.Mediaplex
Path: :mozilla.104:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium

Name: Spyware.Cookie.Centrport
Path: :mozilla.107:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium

Name: Spyware.Cookie.Googleadservices
Path: :mozilla.114:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium

Name: Spyware.Cookie.2o7
Path: :mozilla.124:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium

Name: Spyware.Cookie.Trafficmp
Path: :mozilla.125:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium

Name: Spyware.Cookie.Trafficmp
Path: :mozilla.126:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium

Name: Spyware.Cookie.Trafficmp
Path: :mozilla.127:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium

Name: Spyware.Cookie.Trafficmp
Path: :mozilla.128:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium

Name: Spyware.Cookie.Trafficmp
Path: :mozilla.129:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium

Name: Spyware.NewDotNet
Path: C:\Documents and Settings\Jeremy\Local Settings\Temp\SHNT288.exe
Risk: High

Name: Spyware.WebHancer
Path: C:\Documents and Settings\Jeremy\Local Settings\Temp\wh.exe/whAgent.exe
Risk: High

Name: Downloader.INService
Path: C:\RECYCLER\S-1-5-21-1060284298-1682526488-1708537768-1004\Dc961.exe
Risk: High

Name: Spyware.WebHancer
Path: C:\WINDOWS\webhdll.dll
Risk: High

And here's the updated hijackthis logfile:


Logfile of HijackThis v1.99.1
Scan saved at 5:22:36 PM, on 13/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\HijackThis!\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2EE0812-B274-4969-8EAC-D2597AC4E5D9}: NameServer = 192.168.1.1,192.168.1.2
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Unknown owner - C:\Program Files\Digidesign\Drivers\MMERefresh.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)


My question is, why didn't avg or spybot detect any of these?
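
As an added example (not part of the original thread and not HijackThis's own code), the Python below parses HijackThis log lines, lists the "(file missing)" orphans, and checks a "fix checked" selection against a follow-up scan. The function names are hypothetical; the sample lines are excerpted from the two logs and the fix list posted above.

```python
import re
from typing import NamedTuple

# Excerpts from the first log, the helper's fix list and the second log in this thread.
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\svchost.exe
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet3_88.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKCU\..\Run: [autoupdatev2] C:\WINDOWS\System32\autoupdatev2.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Unknown owner - C:\Program Files\Digidesign\Drivers\MMERefresh.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
"""
SELECTED = r"""
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet3_88.dll (file missing)
O4 - HKCU\..\Run: [AUTOUPDATEV2] C:\WINDOWS\System32\autoupdatev2.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Unknown owner - C:\Program Files\Digidesign\Drivers\MMERefresh.exe (file missing)
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
"""
AFTER = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Unknown owner - C:\Program Files\Digidesign\Drivers\MMERefresh.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+?)\s*$")  # section code, e.g. O2, O23
MISSING = "(file missing)"


class Entry(NamedTuple):
    section: str
    detail: str          # rest of the line, without the "(file missing)" marker
    file_missing: bool

    @property
    def key(self):
        # Case-insensitive identity, so "[AUTOUPDATEV2]" matches "[autoupdatev2]".
        return self.section, " ".join(self.detail.split()).casefold()


def parse_log(text):
    """Return the numbered entries of a log; headers and process paths are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        detail = m.group(2)
        missing = detail.endswith(MISSING)
        if missing:
            detail = detail[: -len(MISSING)].rstrip()
        entries.append(Entry(m.group(1), detail, missing))
    return entries


def orphans(entries):
    """Entries whose target file no longer exists on disk."""
    return [e for e in entries if e.file_missing]


def verify_fix(before, selected, after):
    """Sort each selected entry by whether it was in the scan and survived the fix."""
    before_keys = {e.key for e in parse_log(before)}
    after_keys = {e.key for e in parse_log(after)}
    result = {"not_in_scan": [], "removed": [], "remaining": []}
    for e in parse_log(selected):
        if e.key not in before_keys:
            result["not_in_scan"].append(e)
        elif e.key in after_keys:
            result["remaining"].append(e)
        else:
            result["removed"].append(e)
    return result


if __name__ == "__main__":
    for status, items in verify_fix(BEFORE, SELECTED, AFTER).items():
        for e in items:
            print(f"{status:12} {e.section:4} {e.detail}")
```

On these excerpts the O2, O4 and O18 selections are gone from the second scan, while the two O23 service entries marked "(file missing)" are still listed.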
#4 Neal (Senior Member), 15-11-2005, 06:09 AM

Hi,

If the version of Limewire is the older version you need to get rid of that or you never will be clean.

Remove it from Add/Remove Programs; same with Messengerplus3 if installed with sponsors.

Download CCleaner from here:
http://www.majorgeeks.com/download4191.html
or here:
http://www.filehippo.com/download_ccleaner.html


Install and run it. The windows tab should be opened in the upper left of the program. Click analyze and then click run cleaner. Just use the windows tab that is up front by default.

1. Uncheck "Cookies" under "Internet Explorer".

2. If you are running Firefox, then click on the "Applications" tab and uncheck "Cookies" under "Firefox".

The Ewido scan shows you did not allow it to remove problems it found. Please re-scan with Ewido and remove all it finds. Stay with it and when it finds something click remove.

Then: post a new hijackthis log please. Thanks.
__________________
Stalking and killing Spyware


All times are GMT +1.