HiJack and Sweeper log

  1. #1
    woody uk, Newbie

    HiJack and Sweeper log

    Hi
    From a previous post I was asked to post a new HijackThis and Sweeper log for each PC so that I could be advised accordingly.

    Thanks in anticipation of your help.

    Logfile of HijackThis v1.99.1
    Scan saved at 18:46:05, on 23/03/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Symantec\ACT\SideACT.exe
    C:\WINDOWS\system32\crypserv.exe
    C:\Program Files\Citrix\GoToMyPC\g2svc.exe
    C:\Program Files\Dell\OpenManage\Client\Iap.exe
    C:\Program Files\Citrix\GoToMyPC\g2comm.exe
    C:\Program Files\Citrix\GoToMyPC\g2pre.exe
    C:\Program Files\Citrix\GoToMyPC\g2tray.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Tash Majors\Desktop\LB\Hi Jack This\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Citrix\GoToMyPC\g2svc.exe -logon
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O4 - Global Startup: SideACT!.lnk = C:\Program Files\Symantec\ACT\SideACT.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} (TraderMediaImgX Control) - http://sell.autotrader.co.uk/uk-ola/...aderMediaX.cab
    O20 - Winlogon Notify: GoToMyPC - C:\WINDOWS\SYSTEM32\G2WinLogon.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
    O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -service (file missing)
    O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

    PLUS this from Spy Sweeper

    ********
    18:05: | Start of Session, 23 March 2006 |
    18:05: Spy Sweeper started
    18:05: Sweep initiated using definitions version 640
    18:05: Starting Memory Sweep
    18:10: Memory Sweep Complete, Elapsed Time: 00:04:33
    18:10: Starting Registry Sweep
    18:10: Found System Monitor: blazing tools xp logon logger
    18:10: HKLM\software\bt\ (3 subtraces) (ID = 105271)
    18:10: Registry Sweep Complete, Elapsed Time:00:00:40
    18:10: Starting Cookie Sweep
    18:10: Found Spy Cookie: 247realmedia cookie
    18:10: tash majors@247realmedia[1].txt (ID = 1953)
    18:10: Found Spy Cookie: yieldmanager cookie
    18:10: tash majors@ad.yieldmanager[2].txt (ID = 3751)
    18:10: Found Spy Cookie: adrevolver cookie
    18:10: tash majors@adrevolver[1].txt (ID = 2088)
    18:10: tash majors@adrevolver[3].txt (ID = 2088)
    18:10: Found Spy Cookie: adtech cookie
    18:10: tash majors@adtech[2].txt (ID = 2155)
    18:10: Found Spy Cookie: apmebf cookie
    18:10: tash majors@apmebf[1].txt (ID = 2229)
    18:10: Found Spy Cookie: falkag cookie
    18:10: tash majors@as-us.falkag[1].txt (ID = 2650)
    18:10: Found Spy Cookie: belnk cookie
    18:10: tash majors@belnk[1].txt (ID = 2292)
    18:10: Found Spy Cookie: bluestreak cookie
    18:10: tash majors@bluestreak[2].txt (ID = 2314)
    18:10: Found Spy Cookie: casalemedia cookie
    18:10: tash majors@casalemedia[1].txt (ID = 2354)
    18:10: tash majors@dist.belnk[2].txt (ID = 2293)
    18:10: Found Spy Cookie: realmedia cookie
    18:10: tash majors@realmedia[1].txt (ID = 3235)
    18:10: Found Spy Cookie: tribalfusion cookie
    18:10: tash majors@tribalfusion[1].txt (ID = 3589)
    18:10: tash majors@yieldmanager[1].txt (ID = 3749)
    18:10: Cookie Sweep Complete, Elapsed Time: 00:00:02
    18:10: Starting File Sweep
    18:35: Found Adware: ist yoursitebar
    18:35: 00307668.zip (ID = 258153)
    18:37: File Sweep Complete, Elapsed Time: 00:26:45
    18:37: Full Sweep has completed. Elapsed time 00:32:11
    18:37: Traces Found: 19
    18:40: Removal process initiated
    18:40: Quarantining All Traces: blazing tools xp logon logger
    18:40: Quarantining All Traces: ist yoursitebar
    18:40: Quarantining All Traces: 247realmedia cookie
    18:40: Quarantining All Traces: adrevolver cookie
    18:40: Quarantining All Traces: adtech cookie
    18:40: Quarantining All Traces: apmebf cookie
    18:40: Quarantining All Traces: belnk cookie
    18:40: Quarantining All Traces: bluestreak cookie
    18:40: Quarantining All Traces: casalemedia cookie
    18:40: Quarantining All Traces: falkag cookie
    18:40: Quarantining All Traces: realmedia cookie
    18:40: Quarantining All Traces: tribalfusion cookie
    18:40: Quarantining All Traces: yieldmanager cookie
    18:40: Removal process completed. Elapsed time 00:00:13
    ********
    17:59: | Start of Session, 23 March 2006 |
    17:59: Spy Sweeper started
    18:00: Your spyware definitions have been updated.
    18:05: | End of Session, 23 March 2006 |

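The two logs above are plain text with a regular line grammar, so the first pass of a triage is mechanical: pull out the HijackThis O4/O20/O23 entries and flag the annotations HijackThis itself attaches (an O23 service with "Unknown owner", an image path marked "(file missing)", an O4 shortcut whose target could not be resolved and shows as "= ?"), and rank the Spy Sweeper "Found <Category>: <name>" lines by Spy Sweeper's own category so that a "System Monitor" hit is not buried under a dozen tracking cookies. The script below is an added example written for this page, not code from the thread or from either tool; the sample lines are a constructed subset copied from the logs posted above, the severity ranking of Spy Sweeper categories is an assumption, and the Winlogon Notify entries are listed for review rather than classified, because the log alone does not say which of those DLLs are legitimate.

```python
"""Triage helpers for HijackThis and Spy Sweeper logs (added example, not from the thread)."""
import re
from collections import Counter

# Constructed sample: a subset of the lines from the HijackThis log posted above.
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Citrix\GoToMyPC\g2svc.exe -logon
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: SideACT!.lnk = C:\Program Files\Symantec\ACT\SideACT.exe
O20 - Winlogon Notify: GoToMyPC - C:\WINDOWS\SYSTEM32\G2WinLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -service (file missing)
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
"""

# Constructed sample: a subset of the Spy Sweeper session posted above.
SS_SAMPLE = r"""
18:10: Found System Monitor: blazing tools xp logon logger
18:10: HKLM\software\bt\ (3 subtraces) (ID = 105271)
18:10: Found Spy Cookie: 247realmedia cookie
18:10: tash majors@247realmedia[1].txt (ID = 1953)
18:10: Found Spy Cookie: adrevolver cookie
18:10: Found Spy Cookie: belnk cookie
18:35: Found Adware: ist yoursitebar
18:35: 00307668.zip (ID = 258153)
"""

O4_RE = re.compile(r"^O4 - (?P<where>.+?): (?:\[(?P<key>[^\]]+)\] )?(?P<cmd>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
SS_FOUND_RE = re.compile(r"^\d\d:\d\d: Found (?P<category>[^:]+): (?P<name>.+)$")

# Assumed ranking of Spy Sweeper's own categories: a "System Monitor" (keylogger-class)
# detection is a different animal from a tracking cookie.
SS_SEVERITY = {"System Monitor": "high", "Adware": "medium", "Spy Cookie": "low"}


def triage_hjt(text):
    """Return a list of findings for the O4/O20/O23 lines of a HijackThis log."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if m := O23_RE.match(line):
            flags = []
            if m["owner"] == "Unknown owner":
                flags.append("unknown-owner")      # HijackThis found no vendor string
            if "(file missing)" in m["path"]:
                flags.append("file-missing")       # image path points at nothing on disk
            if m["path"].count('"') % 2:
                flags.append("unbalanced-quote")   # malformed image path, worth a look
            if flags:
                findings.append({"section": "O23", "name": m["name"], "flags": flags})
        elif m := O20_RE.match(line):
            # Each Winlogon Notify package is a DLL loaded into winlogon.exe at logon;
            # list every one for review instead of guessing which vendors are benign.
            findings.append({"section": "O20", "name": m["name"], "flags": ["winlogon-dll"]})
        elif m := O4_RE.match(line):
            if m["cmd"].endswith("= ?"):           # shortcut target HijackThis could not resolve
                findings.append({"section": "O4", "name": m["cmd"].split(" = ")[0],
                                 "flags": ["unresolved-shortcut"]})
    return findings


def summarize_sweeper(text):
    """Count Spy Sweeper 'Found <Category>: <name>' lines and pull out the high-severity names."""
    counts = Counter()
    high = []
    for line in text.splitlines():
        m = SS_FOUND_RE.match(line.strip())
        if not m:
            continue  # trace detail lines (paths, IDs) belong to the preceding 'Found'
        counts[m["category"]] += 1
        if SS_SEVERITY.get(m["category"], "unknown") == "high":
            high.append(m["name"])
    return {"counts": dict(counts), "high": high}


if __name__ == "__main__":
    for f in triage_hjt(HJT_SAMPLE):
        print(f"{f['section']:<4} {f['name']:<28} {', '.join(f['flags'])}")
    summary = summarize_sweeper(SS_SAMPLE)
    print(summary["counts"], "high:", summary["high"])
```

Run against the full logs, the script surfaces the two items a reviewer would want to look at by hand before calling the machine clean: the GoToMyPC O23 entry that HijackThis reports with no owner, a stray quote and a missing file, and the single Spy Sweeper "System Monitor" detection, which the sweep quarantined but which sits in a different class from the cookie traces that make up most of the count.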

  2. #2
    VopThis, Senior Member (Canada)
    Items found by SS were mostly low-risk cookies.


    HijackThis log looks clean. Do you have any obvious remaining issues with this PC?

  3. #3
    woody uk, Newbie
    Hi
    No issues now with this PC.
    Many thanks for your help.
    Donation on its way soon.

    Thanks
    Woody
