Mobile/PDA About Us Advertise here
User User name Password  
  Not registered yet? Register here.
Lost your password? Click here. 		 
  Home   News   Guides   Downloads   Glossary   Hardware   Profiles   Forums   v4  
 Advertise at AfterDawn.com     Link to us!     Private messages     Compose a private message     List of all updated threads     Threads without replies     Search messages
Thursday 23.1.2025 / 00:04
Search AfterDawn Forums:        In English   Suomeksi   På svenska
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > hjt log .. help?!
Show topics
 
Forums
Forums
HjT Log .. Help?!
  Jump to:
 
Posted Message
Against
Suspended due to non-functional email address
_ 		11. October 2006 @ 16:44 _ Link to this message    Send private message to this user   
Ok, I made a current thread on this subject of spyware on my Pc, but for some reason, I can't find the thread :S. The last reply was by Niobis. Anyhow, he told me to download AVG anti-spyware 7.5, and put my pc in safe mode, so I did. And to post my log on here, and my HjT log too. Anyhow.. here's my AVG AS Log:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:10:49 PM 10/11/2006

+ Scan result:



C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP294\A0092478.exe -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP294\A0092480.exe -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP295\A0092535.exe -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP295\A0092539.exe -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP302\A0092825.exe -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP302\A0092826.exe -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP250\A0086535.exe -> Adware.Lop : No action taken.
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP306\A0093054.exe -> Adware.PurityScan : No action taken.
C:\Program Files\Common Files\{3423DC14-0AF0-1033-1123-050325200001}\MyToolBar.dll -> Adware.Softomate : No action taken.
C:\Program Files\Common Files\{3423DC14-0AF0-1033-1123-050325200001}\Update.exe -> Adware.Softomate : No action taken.
C:\Program Files\Common Files\{3423DC14-0AF0-1033-1123-050325200001}\services.dll -> Adware.Softomate : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP294\A0092473.dll -> Adware.Softomate : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP294\A0092474.dll -> Adware.Softomate : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP294\A0092475.exe -> Adware.Softomate : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP294\A0092479.exe/IUCMORE.DLL -> Adware.Ucmore : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP294\A0092479.exe/UCMTSAIE.DLL -> Adware.Ucmore : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP294\A0092479.exe/empty_00000001 -> Adware.Ucmore : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP295\A0092534.exe/IUCMORE.DLL -> Adware.Ucmore : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP295\A0092534.exe/UCMTSAIE.DLL -> Adware.Ucmore : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP295\A0092534.exe/empty_00000001 -> Adware.Ucmore : No action taken.
C:\WINDOWS\Downloaded Program Files\313133352D2D2D.exe -> Downloader.Adload.gd : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP298\A0092555.exe -> Downloader.Adload.gg : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP302\A0092829.exe -> Downloader.Adload.gg : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP302\A0092830.exe -> Downloader.Adload.gg : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP308\A0093156.exe -> Downloader.Adload.gg : No action taken.
C:\Program Files\Common Files\Ѕymantec\mshta.exe -> Downloader.PurityScan.dr : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP304\A0092901.exe -> Dropper.PurityScan.q : No action taken.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjlyaodjseo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP294\A0092516.exe -> Trojan.VB.tg : No action taken.
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP295\A0092545.exe -> Trojan.VB.tg : No action taken.
C:\WINDOWS\uninst108.exe -> Trojan.VB.tg : No action taken.


::Report end


HjT Log:

Logfile of HijackThis v1.99.1
Scan saved at 9:31:44 PM, on 10/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon06.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\QuickTime\qttask.exe
C:\program files\common files\installshield\updateservice\issch.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\HP_Administrator\Desktop\HijackThis_v1.99.1.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.ca
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.ca
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.ca
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = www.google.ca
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [WordPerfect Office 1215] C:\Program Files\WordPerfect Office 12\Programs\Registration.exe /title="WordPerfect Office 12" /date=092706 serial=WP12WEX-0046611-QCG lang=EN
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e24.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdat...b?1136040852562
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1136044701281
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{788A21D6-8908-46B8-A229-1FD39BF1598D}: NameServer = 111.124.212.34,213.23.117.20
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

Thanks for the help,

Against.
[ + quote]
Niobis
Senior Member
_ 		12. October 2006 @ 00:59 _ Link to this message    Send private message to this user   
Hello Against, good to hear from you again. :)

You have to run AVG AS again, you didn't apply any actions.

First, turn off System Restore.
Right click My Computer > Properties > System Restore tab > check "Turn off System Restore".
Click OK.

Restart your computer in safe mode(press F8 upon boot, select "Safe Mode" from menu and press Enter).
Open AVG AS and click "Scanner".
Click "Complete System Scan".
When it finishes scanning, set all items to "Quarantine".
Click "Apply All Actions".
Click "Save Report".
Click "Save report as" and save it to the desktop.

Post back with the new report and a new HijackThis log.
[ + quote]
Don't be fooled any longer.
http://www.youtube.com/watch?v=BUtbGYgsIu4&feature=related
h0tb0y2k1
Newbie
_ 		16. October 2006 @ 14:47 _ Link to this message    Send private message to this user   
Niobis - Can you help me out? I'm experiencing similar problems as described here: http://forums.afterdawn.com/thread_view.cfm/405725
Thanks.
[ + quote]
Advertisement
_ 		__
 
_
Niobis
Senior Member
_ 		16. October 2006 @ 14:55 _ Link to this message    Send private message to this user   
Sure h0tb0y2k1.

Download HijackThis.
Extract the file to it's own folder.
Open HijackThis.exe and click "Do a system scan and save a log file".
Please post that log in your own thread to avoid confusion.
[ + quote]
Don't be fooled any longer.
http://www.youtube.com/watch?v=BUtbGYgsIu4&feature=related
Related links
Download the latest version of HijackThis now!
 
Related forum topics Posts Last post Forum room
Findgala. Sticked Failed. HJT Log 8 21. August 2013 Windows - Virus and spyware problems
Pls check my HJT - is it heathy now? 4 14. February 2012 Windows - Virus and spyware problems
Laptop freezes and need re boot. HJT help needed 6 13. February 2012 Windows - Virus and spyware problems
Hi! Can someone take a look at a HJT log please, nasty virus! 1 27. January 2012 Windows - Virus and spyware problems
HJT..... Assist Please 15 31. December 2011 Windows - Virus and spyware problems
Redirections, other random things, HJT log 2 23. May 2011 Windows - Virus and spyware problems
System slow on startup and running loud - HJT log 3 11. May 2011 Windows - Virus and spyware problems
Slow and lagging computer -HJT log 4 30. March 2011 Windows - Virus and spyware problems
computer actin up a lil (HJT log) 3 24. February 2011 Windows - Virus and spyware problems
HJT log, please check 1 24. January 2011 Windows - Virus and spyware problems

 
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > hjt log .. help?!
 

Digital video: AfterDawn.com | AfterDawn Forums
Music: MP3Lizard.com
Gaming: Blasteroids.com | Blasteroids Forums | Compare game prices
Software: Software downloads
Blogs: User profile pages
RSS feeds: AfterDawn.com News | Software updates | AfterDawn Forums
International: AfterDawn in Finnish | AfterDawn in Swedish | AfterDawn in Norwegian | download.fi
Navigate: Search | Site map
About us: About AfterDawn Ltd | Advertise on our sites | Rules, Restrictions, Legal disclaimer & Privacy policy
Contact us: Send feedback | Contact our media sales team
 
  © 1999-2025 by AfterDawn Ltd.

  IDG TechNetwork