My Hijack this log...
-
My computer has been acting very slow, and I have been seeing strange files popping up all over the place. Here's my hijack this log:
First, here's an error I got when I was running hijackthis. I got like three to five of these errors in a row:
An unexpected error has occurred at procedure: modMain_CheckOther1Item()
Error #5 - Invalid procedure call or argument
Please email me at merijn@spywareinfo.com, reporting the following:
* What you were trying to fix when the error occurred, if applicable
* How you can reproduce the error
* A complete HijackThis scan log, if possible
Windows version: Windows NT 5.01.2600
MSIE version: 6.0.2800.1106
HijackThis version: 1.99.1
This message has been copied to your clipboard.
Click OK to continue the rest of the scan.
Here's my log:
Logfile of HijackThis v1.99.1
Scan saved at 3:04:33 AM, on 13/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Winamp\Winamp.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\PROGRA~1\MOZILL~1\firefox.exe
C:\Program Files\HijackThis!\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet3_88.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [autoupdatev2] C:\WINDOWS\System32\autoupdatev2.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2EE0812-B274-4969-8EAC-D2597AC4E5D9}: NameServer = 192.168.1.1,192.168.1.2
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Unknown owner - C:\Program Files\Digidesign\Drivers\MMERefresh.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
-
That is a message from the developer of HijackThis. Such feedback enables him to improve and fix any operating issues.
While you are having these problems I would suggest the following:
Disable/stop running or uninstall (Add/Remove in Control Panel):
MESSENGERPLUS3
LimeWire.exe
If you installed Messengerplus3 with sponsors it would be a good idea to remove and re-install without sponsors.
Let's do some initial cleaning of the HJT log.
SELECT HijackThis FIX ITEMS: Scan with HijackThis and place a check next to these items:
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet3_88.dll (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll (file missing)
O4 - HKCU\..\Run: [AUTOUPDATEV2] C:\WINDOWS\System32\autoupdatev2.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Unknown owner - C:\Program Files\Digidesign\Drivers\MMERefresh.exe (file missing)
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
Make sure that all browser windows and internet links are closed, even this one!
CLICK ’FIX CHECKED’ with HijackThis.
HIDDEN FILES: To make sure you can see all hidden files, please follow the directions here
SAFEMODE: Boot into safe mode by tapping the F8 key at restart and choosing 'safe mode' menu option (explained here if needed).
Delete TEMPORARY FILES: Now, hunt down the most common temporary file locations and the temporary file clutter contained therein (and of possible malware hiding places):
Go to Start > Run and type: CLEANMGR.EXE and hit enter.
When prompted select the C: drive and click ok.
Check the boxes for:
- Temporary Internet Files
- Downloaded Program Files
- Recycle Bin
- Temporary Files
Click OK or Enter
Navigate to these files or folders using Windows Explorer (OR Start -> Search) and delete (if present):
DELETE FILES:
C:\WINDOWS\System32\autoupdatev2.exe
You appear to have selectively disabled some running items in MSCONFIG. Please re-enable all such items so that we can deal with any items of concern.
REBOOT.
Run the following anti-virus/malware tools:
Get the stinger here:
http://vil.nai.com/vil/stinger/
Download it to another computer if need be, and bring it to the affected computer on floppy disk.
It will kill the top 40 virus files if any are found there.
Then,
Please use Internet Explorer and go to the Ewido Online Malware Scan:
http://www.ewido.net/en/onlinescan
--Active X must be allowed for this scan to work
- Click the yellow Start button in the lower left of the page
- Click yes when prompted to download the Ewido Software
- Once installed click Start Scan
- After the scan is finished Please click Save Report, save the log and post it for us in your next reply.
- Make sure all bad files/entries are checked and click Remove Infections
Post a log from the Ewido scan.
POST A REVISED HIJACKTHIS LOG for review:
Reboot and post a new HijackThis log with any feedback as appropriate - how things are now behaving: any new or remaining apparent issues.
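Added example (not part of the original post and not HijackThis's own code): a Python check that compares a log taken before "Fix checked" with the revised log and reports which checked items are gone and which are still present. The log lines are excerpts of the ones posted in this thread; the function names are assumptions of this sketch, and matching is case-insensitive because a fix list may retype an entry such as `[AUTOUPDATEV2]` in different case.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code line missing")

# Entry lines start with a section code such as O2, O4 or O23, then " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - .+$")
MISSING = "(file missing)"


def _key(line):
    # Registry value names are case-insensitive, so compare case-folded text
    # with runs of whitespace collapsed.
    return " ".join(line.split()).casefold()


def parse_entries(log_text):
    """Map normalised entry line -> Entry; headers and process paths are skipped."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            entries[_key(line)] = Entry(match.group(1), line, line.endswith(MISSING))
    return entries


def orphaned(entries):
    """Entries whose target HijackThis reported as absent from disk."""
    return [e.line for e in entries.values() if e.missing]


def verify_fix(before_log, after_log, fix_list):
    """Sort each line of the fix list by what happened to it between two scans."""
    before, after = parse_entries(before_log), parse_entries(after_log)
    result = {"removed": [], "persisting": [], "not_in_before": []}
    for key, entry in parse_entries(fix_list).items():
        if key not in before:
            result["not_in_before"].append(entry.line)
        elif key in after:
            result["persisting"].append(entry.line)
        else:
            result["removed"].append(entry.line)
    return result


# Abbreviated excerpts of the first log, the revised log and the fix list.
BEFORE = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\Explorer.EXE
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet3_88.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [autoupdatev2] C:\WINDOWS\System32\autoupdatev2.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
"""
AFTER = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
"""
FIX_LIST = r"""
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet3_88.dll (file missing)
O4 - HKCU\..\Run: [AUTOUPDATEV2] C:\WINDOWS\System32\autoupdatev2.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
"""

if __name__ == "__main__":
    for status, lines in verify_fix(BEFORE, AFTER, FIX_LIST).items():
        for line in lines:
            print(f"{status:>13}: {line}")
```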
-
Here's the ewido logfile:
__________________________________________________
ewido security suite online scanner
http://www.ewido.net
__________________________________________________
Name: Spyware.Cookie.2o7
Path: C:\Documents and Settings\Jeremy\Cookies\jeremy@2o7[1].txt
Risk: Medium
Name: Spyware.Cookie.Doubleclick
Path: C:\Documents and Settings\Jeremy\Cookies\jeremy@doubleclick[1].txt
Risk: Medium
Name: Spyware.Cookie.Xxxtoolbar
Path: C:\Documents and Settings\Jeremy\Cookies\jeremy@xxxtoolbar[1].txt
Risk: Medium
Name: Spyware.Cookie.Atdmt
Path: :mozilla.15:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Casalemedia
Path: :mozilla.16:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Casalemedia
Path: :mozilla.19:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Casalemedia
Path: :mozilla.20:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Casalemedia
Path: :mozilla.21:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Casalemedia
Path: :mozilla.22:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Casalemedia
Path: :mozilla.23:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Casalemedia
Path: :mozilla.24:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Casalemedia
Path: :mozilla.25:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Casalemedia
Path: :mozilla.26:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Casalemedia
Path: :mozilla.27:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Fastclick
Path: :mozilla.28:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Fastclick
Path: :mozilla.29:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Fastclick
Path: :mozilla.30:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Fastclick
Path: :mozilla.31:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Advertising
Path: :mozilla.32:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Advertising
Path: :mozilla.33:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Advertising
Path: :mozilla.34:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Advertising
Path: :mozilla.35:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Advertising
Path: :mozilla.37:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Advertising
Path: :mozilla.38:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Doubleclick
Path: :mozilla.42:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Yieldmanager
Path: :mozilla.50:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Yieldmanager
Path: :mozilla.51:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Yieldmanager
Path: :mozilla.52:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Yieldmanager
Path: :mozilla.53:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Yieldmanager
Path: :mozilla.56:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Yieldmanager
Path: :mozilla.63:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Tribalfusion
Path: :mozilla.69:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Tribalfusion
Path: :mozilla.70:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Tribalfusion
Path: :mozilla.71:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Tribalfusion
Path: :mozilla.72:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Burstnet
Path: :mozilla.78:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Burstnet
Path: :mozilla.79:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Com
Path: :mozilla.93:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Com
Path: :mozilla.94:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Targetnet
Path: :mozilla.96:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Targetnet
Path: :mozilla.97:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Targetnet
Path: :mozilla.98:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Pointroll
Path: :mozilla.101:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Pointroll
Path: :mozilla.102:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Pointroll
Path: :mozilla.103:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Mediaplex
Path: :mozilla.104:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Centrport
Path: :mozilla.107:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Googleadservices
Path: :mozilla.114:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.2o7
Path: :mozilla.124:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Trafficmp
Path: :mozilla.125:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Trafficmp
Path: :mozilla.126:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Trafficmp
Path: :mozilla.127:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Trafficmp
Path: :mozilla.128:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium
Name: Spyware.Cookie.Trafficmp
Path: :mozilla.129:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\da67oin8.default\cookies.txt
Risk: Medium
Name: Spyware.NewDotNet
Path: C:\Documents and Settings\Jeremy\Local Settings\Temp\SHNT288.exe
Risk: High
Name: Spyware.WebHancer
Path: C:\Documents and Settings\Jeremy\Local Settings\Temp\wh.exe/whAgent.exe
Risk: High
Name: Downloader.INService
Path: C:\RECYCLER\S-1-5-21-1060284298-1682526488-1708537768-1004\Dc961.exe
Risk: High
Name: Spyware.WebHancer
Path: C:\WINDOWS\webhdll.dll
Risk: High
And here's the updated hijackthis logfile:
Logfile of HijackThis v1.99.1
Scan saved at 5:22:36 PM, on 13/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\HijackThis!\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2EE0812-B274-4969-8EAC-D2597AC4E5D9}: NameServer = 192.168.1.1,192.168.1.2
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Unknown owner - C:\Program Files\Digidesign\Drivers\MMERefresh.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
My question is, why didn't avg or spybot detect any of these?
-
Hi,
If the version of Limewire is the older version, you need to get rid of that or you never will be clean.
Remove it from Add/Remove Programs; same with Messengerplus3 if installed with sponsors.
Download CCleaner from here:
http://www.majorgeeks.com/download4191.html
or here:
http://www.filehippo.com/download_ccleaner.html
Install and run it. The windows tab should be opened in the upper left of the program. Click analyze and then click run cleaner. Just use the windows tab that is up front by default.
1. Uncheck "Cookies" under "Internet Explorer".
2. If you are running Firefox, then click on the "Applications" tab and uncheck "Cookies" under "Firefox".
The Ewido scan shows you did not allow it to remove problems it found. Please re-scan with Ewido and remove all it finds. Stay with it and when it finds something click remove.
Then: post a new hijackthis log please. Thanks.