1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

HJT log

Discussion in 'Virus & Other Malware Removal' started by gmcsierra99, Jan 22, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. gmcsierra99

    gmcsierra99 Banned Thread Starter

    Joined:
    Dec 7, 2005
    Messages:
    2,611
    Logfile of HijackThis v1.99.1
    Scan saved at 6:48:09 PM, on 1/22/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    C:\Program Files\AIM\aim.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\DOCUME~1\Price\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://netservices.verizon.net/port...MTA1MDEyMzQ2JTI2&.ys=g3_Iu905_t3HRsrY9IcFLw--
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
    O4 - HKCU\..\Run: [MonsterGSetup.exe] C:\DOWNLO~1\MONSTE~1.EXE /r
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119323346363
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125191189985
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {DB0474CC-8EF6-47FC-905B-23FC58A70817} (RegPropsCtrl Class) - https://download.verizon.net/sfp/Cabs/hst/webinstall/HstWebInstall.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
     
  2. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Looks clean (y)
     
  3. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,047
    As your PM mentioned problems with AIM and the log is clean, we could try an on-line scan just to see if there's anything that doesn't show in the log.

    Panda Active Scan. Be sure to save the log it creates and post it here.
     
  4. gmcsierra99

    gmcsierra99 Banned Thread Starter

    Joined:
    Dec 7, 2005
    Messages:
    2,611
    so far it found 7 Spyware. it's a 60000.
     
  5. gmcsierra99

    gmcsierra99 Banned Thread Starter

    Joined:
    Dec 7, 2005
    Messages:
    2,611
  6. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Thanks Cookie (y)
     
  7. gmcsierra99

    gmcsierra99 Banned Thread Starter

    Joined:
    Dec 7, 2005
    Messages:
    2,611
    i knew had some kind of junk lol, thanks ladies ;)

    Incident Status Location

    Adware:adware/adwhere Not disinfected Windows Registry
    Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Price\Cookies\[email protected][2].txt
    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Price\Cookies\[email protected][1].txt
    Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Price\Cookies\[email protected][1].txt
    Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Price\Cookies\[email protected][2].txt
    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Price\Cookies\[email protected][1].txt
    Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Price\Cookies\[email protected][1].txt
     
  8. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,047
    They are just cookies and wouldn't be responsible for your problems.

    For the benefit of others, would you please post a description of the problem you're having.
     
  9. gmcsierra99

    gmcsierra99 Banned Thread Starter

    Joined:
    Dec 7, 2005
    Messages:
    2,611
    Internet Explorer freezes, (well it doesnt freeze, it just doesnt work, i get that loading ison thing, then it says Not Responding in the top bar, by the Minimize and Close buttons), but i can Minimize or Close Internet Explorer, get the End Now thing, and i sometimes i cant look at profiles, it says Please Wait.... then it never works, i Sign Off then sign back on to see if it works but dont happen, when i dont Sign Off i will get a Reconnecting message, sometimes it works sometimes it doesnt, when i close the message, it will take about 15 mins. to get back on to AIM, but Internet Explorer will still work.
     
  10. gmcsierra99

    gmcsierra99 Banned Thread Starter

    Joined:
    Dec 7, 2005
    Messages:
    2,611
    i have no idea what happened, 1 hr. ago my friend said he was going to go on my computer, i was in the other room, and when he got off i jumped on it and i couldn't open any of the windows i minimized down at the bottom? i tryed to close all of them but it didnt work, soo i clicked cntrl alt dlt, n it like froze for 25 secs. then it was fine, i think he was looking at stuff that he wasnt surposed to be, well not on my computer anyway, got to have a talk with him tommorrow, if would like me to i will run HJT tommorrow and post the log. bed for now. :)
     
  11. gmcsierra99

    gmcsierra99 Banned Thread Starter

    Joined:
    Dec 7, 2005
    Messages:
    2,611
    well heres the log, i will be out for the day a will probrably be back around 2-4:

    Logfile of HijackThis v1.99.1
    Scan saved at 6:22:56 AM, on 1/23/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://netservices.verizon.net/port...MTA1MDEyMzQ2JTI2&.ys=g3_Iu905_t3HRsrY9IcFLw--
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
    O4 - HKCU\..\Run: [MonsterGSetup.exe] C:\DOWNLO~1\MONSTE~1.EXE /r
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119323346363
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125191189985
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {DB0474CC-8EF6-47FC-905B-23FC58A70817} (RegPropsCtrl Class) - https://download.verizon.net/sfp/Cabs/hst/webinstall/HstWebInstall.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
     
  12. gmcsierra99

    gmcsierra99 Banned Thread Starter

    Joined:
    Dec 7, 2005
    Messages:
    2,611
    i noticed O4 - HKCU\..\Run: [MonsterGSetup.exe] C:\DOWNLO~1\MONSTE~1.EXE /r i think that was a game i downloaded, how can i get rid of the that?
     
  13. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Check in Add/Remove Programs for Monster Garage
    If it's there, uninstall it.

    Then fix this entry with Hijack This:

    O4 - HKCU\..\Run: [MonsterGSetup.exe] C:\DOWNLO~1\MONSTE~1.EXE /r
     
  14. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,047
    Why don't you try uninstalling and reinstalling AIM. It may have become corrupt.
     
  15. gmcsierra99

    gmcsierra99 Banned Thread Starter

    Joined:
    Dec 7, 2005
    Messages:
    2,611
    i'll try that Cheeseball.

    and Cookiegal, is there a way that i can get the old AIM back? when i uninstall it? because i know they have the new AIM Triton, and i went on www.aim.com to see if they had it but they didnt.
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/436356

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice