hijack it log

  1. #11
    greyishue is offline Junior Member

    Re: hijack it log

    NoLop Log

    NoLop! Log by Skate_Punk_21

    Fix running from: C:\Documents and Settings\TEMP\Desktop
    [12/18/2007]
    [9:07:29 PM]

    ---Infection Files Found/Removed---
    C:\WINDOWS\tasks\A7606DFC919BE7BC.job
    C:\WINDOWS\tasks\AFD470939187E1B7.job
    C:\WINDOWS\tasks\AFF0C22491FF73E0.job

    Beginning Removal...
    Rebooting...
    Removing Lop's Leftover Files/Folders...
    Editing Registry...
    **Fix Complete!**

    ---Listing AppData sub directories---

    C:\Documents and Settings\Administrator\Application Data\Microsoft
    C:\Documents and Settings\Administrator.dell-0xukcrtv2v\Application Data\Avg7 -- EMPTY Directory
    C:\Documents and Settings\Administrator.dell-0xukcrtv2v\Application Data\Microsoft
    C:\Documents and Settings\All Users\Application Data\Adobe
    C:\Documents and Settings\All Users\Application Data\Adobe Systems
    C:\Documents and Settings\All Users\Application Data\Apple Computer
    C:\Documents and Settings\All Users\Application Data\Avg7
    C:\Documents and Settings\All Users\Application Data\Downloaded Installations -- EMPTY Directory
    C:\Documents and Settings\All Users\Application Data\Grisoft
    C:\Documents and Settings\All Users\Application Data\Installshield
    C:\Documents and Settings\All Users\Application Data\Iolo -- EMPTY Directory
    C:\Documents and Settings\All Users\Application Data\Mailfrontier -- EMPTY Directory
    C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    C:\Documents and Settings\All Users\Application Data\Microsoft
    C:\Documents and Settings\All Users\Application Data\Msn6
    C:\Documents and Settings\All Users\Application Data\Pc Suite
    C:\Documents and Settings\All Users\Application Data\Sectaskman
    C:\Documents and Settings\All Users\Application Data\Sony Corporation
    C:\Documents and Settings\All Users\Application Data\Sony Ericsson
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    C:\Documents and Settings\All Users\Application Data\Superantispyware.com
    C:\Documents and Settings\All Users\Application Data\Trymedia
    C:\Documents and Settings\All Users\Application Data\Udl
    C:\Documents and Settings\All Users\Application Data\Viewpoint
    C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    C:\Documents and Settings\All Users\Application Data\Wlinstaller
    C:\Documents and Settings\Default User\Application Data\Microsoft
    C:\Documents and Settings\Jiaming\Application Data\Identities
    C:\Documents and Settings\Jiaming\Application Data\Lavasoft -- EMPTY Directory
    C:\Documents and Settings\Jiaming\Application Data\Macromedia
    C:\Documents and Settings\Jiaming\Application Data\Microsoft
    C:\Documents and Settings\Jiaming\Application Data\Sonic
    C:\Documents and Settings\Jiaming\Application Data\Sun
    C:\Documents and Settings\Localservice\Application Data\Avg7
    C:\Documents and Settings\Localservice\Application Data\Help -- EMPTY Directory
    C:\Documents and Settings\Localservice\Application Data\Microsoft
    C:\Documents and Settings\Networkservice\Application Data\Microsoft
    C:\Documents and Settings\Peiying_2\Application Data\Adobe
    C:\Documents and Settings\Peiying_2\Application Data\Adobeum
    C:\Documents and Settings\Peiying_2\Application Data\Avg7
    C:\Documents and Settings\Peiying_2\Application Data\Datalayer
    C:\Documents and Settings\Peiying_2\Application Data\Epson
    C:\Documents and Settings\Peiying_2\Application Data\Help -- EMPTY Directory
    C:\Documents and Settings\Peiying_2\Application Data\Identities
    C:\Documents and Settings\Peiying_2\Application Data\Lavasoft -- EMPTY Directory
    C:\Documents and Settings\Peiying_2\Application Data\Macromedia
    C:\Documents and Settings\Peiying_2\Application Data\Microsoft
    C:\Documents and Settings\Peiying_2\Application Data\Mozilla
    C:\Documents and Settings\Peiying_2\Application Data\Nokia
    C:\Documents and Settings\Peiying_2\Application Data\Pc Suite
    C:\Documents and Settings\Peiying_2\Application Data\Real
    C:\Documents and Settings\Peiying_2\Application Data\Registry Defender
    C:\Documents and Settings\Peiying_2\Application Data\Smart Panel
    C:\Documents and Settings\Peiying_2\Application Data\Sonic
    C:\Documents and Settings\Peiying_2\Application Data\Sun
    C:\Documents and Settings\Peiying_2\Application Data\Talkback
    C:\Documents and Settings\Peiying_2\Application Data\Trend Micro
    C:\Documents and Settings\Peiying_2\Application Data\U3
    C:\Documents and Settings\Temp\Application Data\.bittorrent
    C:\Documents and Settings\Temp\Application Data\Adobe
    C:\Documents and Settings\Temp\Application Data\Adobeum -- EMPTY Directory
    C:\Documents and Settings\Temp\Application Data\Avg7
    C:\Documents and Settings\Temp\Application Data\Corel
    C:\Documents and Settings\Temp\Application Data\Cyberlink
    C:\Documents and Settings\Temp\Application Data\Datalayer
    C:\Documents and Settings\Temp\Application Data\Epson
    C:\Documents and Settings\Temp\Application Data\Executivesoftware
    C:\Documents and Settings\Temp\Application Data\Fujifilm
    C:\Documents and Settings\Temp\Application Data\Help -- EMPTY Directory
    C:\Documents and Settings\Temp\Application Data\Identities
    C:\Documents and Settings\Temp\Application Data\Installshield
    C:\Documents and Settings\Temp\Application Data\Iolo -- EMPTY Directory
    C:\Documents and Settings\Temp\Application Data\Lavasoft -- EMPTY Directory
    C:\Documents and Settings\Temp\Application Data\Leadertech
    C:\Documents and Settings\Temp\Application Data\Macromedia
    C:\Documents and Settings\Temp\Application Data\Media Player Classic
    C:\Documents and Settings\Temp\Application Data\Microsoft
    C:\Documents and Settings\Temp\Application Data\Mozilla
    C:\Documents and Settings\Temp\Application Data\Msn6
    C:\Documents and Settings\Temp\Application Data\Nch Swift Sound
    C:\Documents and Settings\Temp\Application Data\Nokia
    C:\Documents and Settings\Temp\Application Data\Nokia Multimedia Player
    C:\Documents and Settings\Temp\Application Data\Opera -- EMPTY Directory
    C:\Documents and Settings\Temp\Application Data\Pc Suite
    C:\Documents and Settings\Temp\Application Data\Real
    C:\Documents and Settings\Temp\Application Data\Registry Defender
    C:\Documents and Settings\Temp\Application Data\Smart Panel
    C:\Documents and Settings\Temp\Application Data\Sonic
    C:\Documents and Settings\Temp\Application Data\Sony Corporation
    C:\Documents and Settings\Temp\Application Data\Sun
    C:\Documents and Settings\Temp\Application Data\Superantispyware.com
    C:\Documents and Settings\Temp\Application Data\Talkback
    C:\Documents and Settings\Temp\Application Data\Uniblue

    File imsins.BAK received on 12.18.2007 14:19:10 (CET)

    Antivirus          Version        Last Update  Result
    AhnLab-V3          2007.12.18.11  2007.12.18   -
    AntiVir            7.6.0.45       2007.12.18   -
    Authentium         4.93.8         2007.12.18   -
    Avast              4.7.1098.0     2007.12.17   -
    AVG                7.5.0.503      2007.12.17   -
    BitDefender        7.2            2007.12.18   -
    CAT-QuickHeal      9.00           2007.12.17   -
    ClamAV             0.91.2         2007.12.18   -
    DrWeb              4.44.0.09170   2007.12.18   -
    eSafe              7.0.15.0       2007.12.17   -
    eTrust-Vet         31.3.5385      2007.12.18   -
    Ewido              4.0            2007.12.18   -
    FileAdvisor        1              2007.12.18   -
    Fortinet           3.14.0.0       2007.12.18   -
    F-Prot             4.4.2.54       2007.12.18   -
    F-Secure           6.70.13030.0   2007.12.18   -
    Ikarus             T3.1.1.15      2007.12.18   -
    Kaspersky          7.0.0.125      2007.12.18   -
    McAfee             5187           2007.12.17   -
    Microsoft          1.3109         2007.12.18   -
    NOD32v2            2730           2007.12.18   -
    Norman             5.80.02        2007.12.17   -
    Panda              9.0.0.4        2007.12.18   -
    Prevx1             V2             2007.12.18   -
    Rising             20.23.12.00    2007.12.18   -
    Sophos             4.24.0         2007.12.18   -
    Sunbelt            2.2.907.0      2007.12.18   -
    Symantec           10             2007.12.18   -
    TheHacker          6.2.9.162      2007.12.17   -
    VBA32              3.12.2.5       2007.12.17   -
    VirusBuster        4.3.26:9       2007.12.17   -
    Webwasher-Gateway  6.6.2          2007.12.18   -

    Additional information
    File size: 1393 bytes
    MD5: 4636b633d425a048219c11208050425b
    SHA1: 481c1ca291c1e9d830306edb02ff2963b1d94291
    PEiD: -

    File setupapi.log.1.old received on 12.18.2007 14:37:50 (CET)

    Antivirus          Version        Last Update  Result
    AhnLab-V3          2007.12.18.11  2007.12.18   -
    AntiVir            7.6.0.45       2007.12.18   -
    Authentium         4.93.8         2007.12.18   -
    Avast              4.7.1098.0     2007.12.17   -
    AVG                7.5.0.503      2007.12.17   -
    BitDefender        7.2            2007.12.18   -
    CAT-QuickHeal      9.00           2007.12.17   -
    ClamAV             0.91.2         2007.12.18   -
    DrWeb              4.44.0.09170   2007.12.18   -
    eSafe              7.0.15.0       2007.12.17   -
    eTrust-Vet         31.3.5385      2007.12.18   -
    Ewido              4.0            2007.12.18   -
    FileAdvisor        1              2007.12.18   -
    Fortinet           3.14.0.0       2007.12.18   -
    F-Prot             4.4.2.54       2007.12.18   -
    F-Secure           6.70.13030.0   2007.12.18   -
    Ikarus             T3.1.1.15      2007.12.18   -
    Kaspersky          7.0.0.125      2007.12.18   -
    McAfee             5187           2007.12.17   -
    Microsoft          1.3109         2007.12.18   -
    NOD32v2            2730           2007.12.18   -
    Norman             5.80.02        2007.12.17   -
    Panda              9.0.0.4        2007.12.18   -
    Prevx1             V2             2007.12.18   -
    Rising             20.23.12.00    2007.12.18   -
    Sophos             4.24.0         2007.12.18   -
    Sunbelt            2.2.907.0      2007.12.18   -
    Symantec           10             2007.12.18   -
    TheHacker          6.2.9.162      2007.12.17   -
    VBA32              3.12.2.5       2007.12.17   -
    VirusBuster        4.3.26:9       2007.12.17   -
    Webwasher-Gateway  6.6.2          2007.12.18   -

    Additional information
    File size: 1405129 bytes
    MD5: 9de66a705cdb438753ca64e4c15752be
    SHA1: 17957d1326540809102011ffcda3587098dddd52
    PEiD: -

    Thanks again!

  2. #12
    Neal is offline Dedicated Member
    Much better,

    You should uninstall these from Add/Remove Programs if present:

    Viewpoint
    Viewpoint Manager
    Viewpoint Media Player


    That stuff is usually installed without your consent.

    Everything OK?

  3. #13
    greyishue is offline Junior Member
    Hi, I think there are still some viruses not removed.

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 12/19/2007 at 11:22 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3363
    Trace Rules Database Version: 1362

    Scan type : Complete Scan
    Total Scan Time : 00:49:25

    Memory items scanned : 388
    Memory threats detected : 0
    Registry items scanned : 6239
    Registry threats detected : 0
    File items scanned : 48912
    File threats detected : 4

    Adware.Tracking Cookie
    C:\Documents and Settings\TEMP\Cookies\peiying_2@imrworldwide[2].txt
    C:\Documents and Settings\TEMP\Cookies\peiying_2@msnportal.112.2o7[1].txt
    C:\Documents and Settings\TEMP\Cookies\peiying_2@doubleclick[1].txt
    C:\Documents and Settings\TEMP\Cookies\peiying_2@atdmt[1].txt


    Also, I get advertisements like the picture attached. Can I remove it?

  4. #14
    Neal is offline Dedicated Member
    Yes, you can remove it.
