DaniWeb IT Discussion Community
Views: 1352 | Replies: 6
Join Date: Feb 2006
Posts: 13
Solved Threads: 0
buntain
Newbie Poster

Hijack and AVG Logs

  #1  
Dec 8th, 2007
I meant to do this a while ago but have been busy with school and stuff. Norton Anti-virus found some stuff on my computer - a few med. risk things and a high-risk thing - and so I did a HijackThis log and scanned using AVG, but it wouldn't let me save the new report (once I press "Apply All Actions" the save report becomes gray... and I can't remember how it showed up the first time; I followed the directions listed both times). Anyway, so the only report from AVG I have is from Oct. 27th. I'm not sure what to get rid of to get the nasties off my computer... Here are the reports though:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:02:19 PM 10/27/2007

+ Scan result:



HKLM\SOFTWARE\Classes\CLSID\{CAD07FE9-6CBE-706E-AD3F-ABD30C3C2C92} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Interface\{39C78B50-7E98-4AA0-B007-D83114EA6E0F} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\_MSRSTRT.EXE:gbopxd -> Hijacker.Small : Cleaned with backup (quarantined).
C:\WINDOWS\_MSRSTRT.EXE:trwvzx -> Hijacker.Small : Cleaned with backup (quarantined).
C:\WINDOWS\_MSRSTRT.EXE:umksmb -> Hijacker.Small : Cleaned with backup (quarantined).
C:\Documents and Settings\Hogwarts HW_class HW\.jpi_cache\jar\1.0\jrl.jar-1a4a38bb-4b68deda.zip/NewSecurityClassLoader.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned with backup (quarantined).
C:\Documents and Settings\Hogwarts HW_class HW\.jpi_cache\jar\1.0\jrl.jar-1a4a38bb-4b68deda.zip/NewURLClassLoader.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned with backup (quarantined).
C:\Documents and Settings\Hogwarts HW_class HW\.jpi_cache\jar\1.0\menu.jr-70bd7dd6-35219f56.zip/Dummy.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned with backup (quarantined).
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@2o7[3].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@etoys.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@etoys.112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@kaboose.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@livenation.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@meetupcom.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@saxogreensboro.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@shopping.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@usatoday1.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@viacomedycentralrl.112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@3.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@ads.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@ads.adbrite[3].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@rotator.adjuggler[3].txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.28:C:\Documents and Settings\Hogwarts HW_class HW\Application Data\Mozilla\Profiles\Melissa\5rk5t1qp.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.29:C:\Documents and Settings\Hogwarts HW_class HW\Application Data\Mozilla\Profiles\Melissa\5rk5t1qp.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.30:C:\Documents and Settings\Hogwarts HW_class HW\Application Data\Mozilla\Profiles\Melissa\5rk5t1qp.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.31:C:\Documents and Settings\Hogwarts HW_class HW\Application Data\Mozilla\Profiles\Melissa\5rk5t1qp.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.32:C:\Documents and Settings\Hogwarts HW_class HW\Application Data\Mozilla\Profiles\Melissa\5rk5t1qp.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.33:C:\Documents and Settings\Hogwarts HW_class HW\Application Data\Mozilla\Profiles\Melissa\5rk5t1qp.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.34:C:\Documents and Settings\Hogwarts HW_class HW\Application Data\Mozilla\Profiles\Melissa\5rk5t1qp.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.96:C:\Documents and Settings\Missy\Application Data\Mozilla\Profiles\default\nad6p36p.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@adtech[1].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@advertising[3].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@ads50.bpath[2].txt -> TrackingCookie.Bpath : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@music.bpath[1].txt -> TrackingCookie.Bpath : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@ads.bridgetrack[1].txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.87:C:\Documents and Settings\Hogwarts HW_class HW\Application Data\Mozilla\Profiles\default\zn7p22je.slt\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.77:C:\Documents and Settings\Hogwarts HW_class HW\Application Data\Mozilla\Profiles\default\zn7p22je.slt\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.78:C:\Documents and Settings\Hogwarts HW_class HW\Application Data\Mozilla\Profiles\default\zn7p22je.slt\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.79:C:\Documents and Settings\Hogwarts HW_class HW\Application Data\Mozilla\Profiles\default\zn7p22je.slt\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.80:C:\Documents and Settings\Hogwarts HW_class HW\Application Data\Mozilla\Profiles\default\zn7p22je.slt\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@burstnet[3].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@stat.dealtime[2].txt -> TrackingCookie.Dealtime : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@e-2dj6wbkouidjaco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@e-2dj6wcliujdjihp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@e-2dj6wfl4eid5ego.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@e-2dj6wgl4agcpghp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@e-2dj6wjk4gldpoao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@e-2dj6wjk4gpcjehp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@e-2dj6wjkyqicjehp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@e-2dj6wjny-1jazcd.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@e-2dj6wjny-1kd5sl.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@e-2dj6wjnyejajeaq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@e-2dj6wjnyohcjalp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@e-2dj6wjnyojdzgdq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@e-2dj6wjnyoldpigo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@e-2dj6wjnyoodzklq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@fortunecity[1].txt -> TrackingCookie.Fortunecity : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@ehg-dig.hitbox[3].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@ehg-etoys.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@ehg-etoys.hitbox[3].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@ehg-hitent.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@ehg-newscientist.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@ehg-wachovia.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@ehg-wachovia.hitbox[3].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@ehg-youtube.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@ehg.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@counter.hitslink[1].txt -> TrackingCookie.Hitslink : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@hotlog[1].txt -> TrackingCookie.Hotlog : Cleaned.
:mozilla.252:C:\Documents and Settings\Hogwarts HW_class HW\Application Data\Mozilla\Profiles\default\zn7p22je.slt\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.253:C:\Documents and Settings\Hogwarts HW_class HW\Application Data\Mozilla\Profiles\default\zn7p22je.slt\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.84:C:\Documents and Settings\Hogwarts HW_class HW\Application Data\Mozilla\Profiles\default\zn7p22je.slt\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.85:C:\Documents and Settings\Hogwarts HW_class HW\Application Data\Mozilla\Profiles\default\zn7p22je.slt\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.86:C:\Documents and Settings\Hogwarts HW_class HW\Application Data\Mozilla\Profiles\default\zn7p22je.slt\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@questionmarket[3].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@real[1].txt -> TrackingCookie.Real : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@real[3].txt -> TrackingCookie.Real : Cleaned.
:mozilla.71:C:\Documents and Settings\Missy\Application Data\Mozilla\Profiles\default\nad6p36p.slt\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.72:C:\Documents and Settings\Missy\Application Data\Mozilla\Profiles\default\nad6p36p.slt\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@realmedia[2].txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@realmedia[3].txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.10:C:\Documents and Settings\Hogwarts HW_class HW\Application Data\Mozilla\Profiles\default\zn7p22je.slt\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.11:C:\Documents and Settings\Hogwarts HW_class HW\Application Data\Mozilla\Profiles\default\zn7p22je.slt\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.12:C:\Documents and Settings\Hogwarts HW_class HW\Application Data\Mozilla\Profiles\default\zn7p22je.slt\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.13:C:\Documents and Settings\Hogwarts HW_class HW\Application Data\Mozilla\Profiles\default\zn7p22je.slt\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.14:C:\Documents and Settings\Hogwarts HW_class HW\Application Data\Mozilla\Profiles\default\zn7p22je.slt\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.15:C:\Documents and Settings\Hogwarts HW_class HW\Application Data\Mozilla\Profiles\default\zn7p22je.slt\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.16:C:\Documents and Settings\Hogwarts HW_class HW\Application Data\Mozilla\Profiles\default\zn7p22je.slt\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.9:C:\Documents and Settings\Hogwarts HW_class HW\Application Data\Mozilla\Profiles\default\zn7p22je.slt\cookies.txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@revsci[1].txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.184:C:\Documents and Settings\Hogwarts HW_class HW\Application Data\Mozilla\Profiles\default\zn7p22je.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.185:C:\Documents and Settings\Hogwarts HW_class HW\Application Data\Mozilla\Profiles\default\zn7p22je.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.186:C:\Documents and Settings\Hogwarts HW_class HW\Application Data\Mozilla\Profiles\default\zn7p22je.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.187:C:\Documents and Settings\Hogwarts HW_class HW\Application Data\Mozilla\Profiles\default\zn7p22je.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.188:C:\Documents and Settings\Hogwarts HW_class HW\Application Data\Mozilla\Profiles\default\zn7p22je.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.189:C:\Documents and Settings\Hogwarts HW_class HW\Application Data\Mozilla\Profiles\default\zn7p22je.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.167:C:\Documents and Settings\Hogwarts HW_class HW\Application Data\Mozilla\Profiles\default\zn7p22je.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.47:C:\Documents and Settings\Hogwarts HW_class HW\Application Data\Mozilla\Profiles\default\zn7p22je.slt\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.48:C:\Documents and Settings\Hogwarts HW_class HW\Application Data\Mozilla\Profiles\default\zn7p22je.slt\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.49:C:\Documents and Settings\Hogwarts HW_class HW\Application Data\Mozilla\Profiles\default\zn7p22je.slt\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.50:C:\Documents and Settings\Hogwarts HW_class HW\Application Data\Mozilla\Profiles\default\zn7p22je.slt\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.51:C:\Documents and Settings\Hogwarts HW_class HW\Application Data\Mozilla\Profiles\default\zn7p22je.slt\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@anad.tacoda[3].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@anat.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@reduxads.valuead[1].txt -> TrackingCookie.Valuead : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@reduxads.valuead[2].txt -> TrackingCookie.Valuead : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@m.webtrends[1].txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@statse.webtrendslive[3].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@yadro[1].txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.43:C:\Documents and Settings\Hogwarts HW_class HW\Application Data\Mozilla\Profiles\Melissa\5rk5t1qp.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.44:C:\Documents and Settings\Hogwarts HW_class HW\Application Data\Mozilla\Profiles\Melissa\5rk5t1qp.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.45:C:\Documents and Settings\Hogwarts HW_class HW\Application Data\Mozilla\Profiles\Melissa\5rk5t1qp.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.22:C:\Documents and Settings\Hogwarts HW_class HW\Application Data\Mozilla\Profiles\default\zn7p22je.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.23:C:\Documents and Settings\Hogwarts HW_class HW\Application Data\Mozilla\Profiles\default\zn7p22je.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.87:C:\Documents and Settings\Missy\Application Data\Mozilla\Profiles\default\nad6p36p.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:43:42 PM, on 12/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\System32\keyhook.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SYSTEM32\sistray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Hogwarts HW_class HW\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neopets.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.neopets.com"); (C:\Documents and Settings\HOGWARTS HW_CLASS HW\Application Data\Mozilla\Profiles\default\zn7p22je.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\HOGWARTS HW_CLASS HW\Application Data\Mozilla\Profiles\default\zn7p22je.slt\prefs.js)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE" -turbo
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Policies\Explorer\Run: [cloudsim] C:\WINDOWS\System32\cloudsim.exe
O4 - HKUS\S-1-5-18\..\Run: [The Intranet] intranet.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ufow] C:\PROGRA~1\COMMON~1\ufow\ufowm.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [CU1] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [CU2] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunServices: [The Intranet] intranet.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [The Intranet] intranet.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunServices: [The Intranet] intranet.exe (User 'Default user')
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\SYSTEM32\sistray.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02...s/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1136572769414
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.dotphoto.com/ImageUploader4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab30149.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photoape.com/uptool/apeUploader.cab
O16 - DPF: {AE6C4705-0F11-4ACB-BDD4-37F138BEF289} (Image Uploader Control) - http://www.ritzpix.com/net/Uploader/LPUploader45.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 9063 bytes
crunchie (Moderator)

Re: Hijack and AVG Logs

  #2  
Dec 8th, 2007
Please go to Jotti's or to VirusTotal and have these files scanned. Post the results back here.

C:\WINDOWS\System32\cloudsim.exe
C:\PROGRA~1\COMMON~1\ufow\ufowm.exe
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera How you got infected AVAST anti-virus Comodo Firewall Spywareblaster

Please do not PM me for help. Instead, post in the public forum where others may benefit.
buntain

Re: Hijack and AVG Logs

  #3  
Dec 9th, 2007
Both say: "The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file."

I actually couldn't find the first one when I searched it myself and the second had a different extension.
crunchie (Moderator)

Re: Hijack and AVG Logs

  #4  
Dec 9th, 2007
Can you please do the following.

===============

Can you disable Windows Defender as it may interfere with the removal process. Please leave it disabled until your PC has been given the all clear.
  • Open Windows Defender
  • Click Tools
  • Click General Settings
  • Scroll down to Real Time Protection Options
  • Uncheck Turn on Real Time Protection (recommended)
  • After you uncheck this, click on the Save button
  • Close Windows Defender


===============

Scan with HijackThis and then place a check next to all the following, if present:


O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKCU\..\Policies\Explorer\Run: [cloudsim] C:\WINDOWS\System32\cloudsim.exe
O4 - HKUS\S-1-5-18\..\Run: [ufow] C:\PROGRA~1\COMMON~1\ufow\ufowm.exe (User 'SYSTEM')


Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

===============


When you're done, rescan your system and make sure the following isn't present:

N3 - Netscape ... 5CSBWeb_01.src (or) 5CSBWeb_02.src

If it is, then fix that entry again; sometimes it'll take more than one pass. The actual entry is ok, and won't be deleted, it's the java wrapper marked in red that needs to be removed.

===============

Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/ folders:

folders...

C:\PROGRA~1\COMMON~1\ufow

files...

C:\WINDOWS\System32\cloudsim.exe

-

Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear.
  • Select the first option to run Windows in Safe Mode and hit Enter.

-

Reboot.

===============

After rebooting, rescan with hijackthis and post back a new log. Please let me know how your pc is now.
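The checks applied in the post above (a BHO with no file behind it, a Run value under Policies\Explorer\Run, an autostart living in the SYSTEM hive) can be mechanised for a first pass over a pasted log. The script below is an added example, not part of this thread and not HijackThis code: it parses O2, O4 and O23 lines, tags the entries that the log text alone cannot vouch for, and leaves the verdict to a person. The tag names and the rules behind them are my own heuristics rather than HijackThis categories; the sample input is constructed from lines in this thread plus a few benign neighbours.

```python
"""Triage heuristics for HijackThis O2/O4/O23 lines (added example, not HJT code)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: entries copied from the logs in this thread plus benign
# neighbours, so the script runs offline without a real HijackThis log.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Policies\Explorer\Run: [cloudsim] C:\WINDOWS\System32\cloudsim.exe
O4 - HKUS\S-1-5-18\..\Run: [ufow] C:\PROGRA~1\COMMON~1\ufow\ufowm.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunServices: [The Intranet] intranet.exe (User 'Default user')
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[^}]+\} - (?P<target>.*)$")
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\](?P<target>.*?)"
                   r"(?: \(User '(?P<user>[^']*)'\))?$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<target>.*)$")
# First program-looking token of a Run value, quoted or not, arguments dropped.
EXE_RE = re.compile(r'^"?(?P<exe>.*?\.(?:exe|dll|scr|com|bat|cmd|pif))"?', re.IGNORECASE)

# Heuristic tags (mine, not HijackThis categories) and what each one means.
REASON_TEXT = {
    "orphaned": "value points at no file: stale, or a component already removed",
    "policy-run": "Policies\\Explorer\\Run is rarely used by legitimate installers",
    "system-run": "autostart in the SYSTEM/.DEFAULT hive runs with no interactive user",
    "bare-name": "no directory in the value, so the log cannot say where the file lives",
    "unknown-owner": "service binary carries no vendor string",
}
SYSTEM_HIVES = ("HKUS\\S-1-5-18", "HKUS\\.DEFAULT")


@dataclass
class Entry:
    kind: str          # "O2", "O4" or "O23"
    name: str          # BHO name, Run value name or service name
    target: str        # path or command line exactly as logged
    key: str = ""      # O4 only: registry key the value lives under
    user: str = ""     # O4 only: account shown in (User '...')
    owner: str = ""    # O23 only: vendor string HijackThis printed


def parse_line(line: str) -> Optional[Entry]:
    """Parse one HijackThis line; unsupported types (R0, O16, ...) give None."""
    line = line.strip()
    if m := O2_RE.match(line):
        return Entry("O2", m["name"], m["target"].strip())
    if m := O4_RE.match(line):
        return Entry("O4", m["name"], m["target"].strip(), key=m["key"], user=m["user"] or "")
    if m := O23_RE.match(line):
        return Entry("O23", m["name"], m["target"].strip(), owner=m["owner"])
    return None


def executable_of(command: str) -> str:
    """Program part of a Run value, minus quotes and arguments."""
    m = EXE_RE.match(command.strip())
    return m["exe"] if m else command.strip().split(" ", 1)[0].strip('"')


def triage(entry: Entry) -> List[str]:
    """Tags from REASON_TEXT that apply; an empty list means nothing stood out."""
    if entry.target in ("", "(no file)"):
        return ["orphaned"]
    reasons = []
    if entry.kind == "O4":
        exe = executable_of(entry.target)
        if "\\Policies\\Explorer\\Run" in entry.key:
            reasons.append("policy-run")
        if entry.key.startswith(SYSTEM_HIVES):
            reasons.append("system-run")
        if "\\" not in exe and "/" not in exe:
            reasons.append("bare-name")
    if entry.kind == "O23" and entry.owner.lower() == "unknown owner":
        reasons.append("unknown-owner")
    return reasons


@dataclass
class Finding:
    entry: Entry
    reasons: List[str]


def triage_log(text: str) -> List[Finding]:
    """Run every parseable line through triage and keep only the flagged ones."""
    findings = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is not None and (reasons := triage(entry)):
            findings.append(Finding(entry, reasons))
    return findings


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.entry.kind} [{f.entry.name}] {f.entry.target}")
        for tag in f.reasons:
            print(f"    {tag}: {REASON_TEXT[tag]}")
```

A tag is a reason to look, not a diagnosis. The DWQueuedReporting value in the later log also sits under HKUS\S-1-5-18 and would be tagged system-run, yet its dwtrig20.exe is Microsoft's error-reporting component, and wltrysvc.exe is tagged only because HijackThis could not read a vendor name from it. Confirm a flagged path on disk (resolving 8.3 names such as PROGRA~1 and COMMON~1) and hash the file before fixing the entry, so that a "0 bytes" upload like the one reported earlier in this thread is caught before the submission rather than after it.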
buntain

Re: Hijack and AVG Logs

  #5  
Dec 9th, 2007
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:24:58 PM, on 12/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\System32\keyhook.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SYSTEM32\sistray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Hogwarts HW_class HW\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neopets.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.neopets.com"); (C:\Documents and Settings\HOGWARTS HW_CLASS HW\Application Data\Mozilla\Profiles\default\zn7p22je.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\HOGWARTS HW_CLASS HW\Application Data\Mozilla\Profiles\default\zn7p22je.slt\prefs.js)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE" -turbo
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [The Intranet] intranet.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [CU1] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [CU2] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunServices: [The Intranet] intranet.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [The Intranet] intranet.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunServices: [The Intranet] intranet.exe (User 'Default user')
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\SYSTEM32\sistray.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02...s/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1136572769414
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.dotphoto.com/ImageUploader4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab30149.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photoape.com/uptool/apeUploader.cab
O16 - DPF: {AE6C4705-0F11-4ACB-BDD4-37F138BEF289} (Image Uploader Control) - http://www.ritzpix.com/net/Uploader/LPUploader45.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 8719 bytes


And the new AVG report (I figured out how to get the report, I think):

AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:16:30 PM 12/9/2007

+ Scan result:



C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@realmedia[2].txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Hogwarts HW_class HW\Cookies\hogwarts_hw_class_hw@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end

Netscape still freezes quite a bit and I'm not sure why.
crunchie (Moderator)

Re: Hijack and AVG Logs

  #6  
Dec 10th, 2007
Log looks ok now and to be honest, I have no idea what may be wrong with Netscape. I have had nothing ever to do with it.
buntain

Re: Hijack and AVG Logs

  #7  
Dec 10th, 2007
Thanks. (Hmm, Netscape is probably just temperamental, lol.)