help with hjt log

 
 
woggo
 
Reply Sat 24 Sep, 2005 04:49 am

 
timberlandko
 
  1  
Reply Sun 25 Sep, 2005 05:54 pm
Start by getting rid of Kazaa and MessengerPlus, then get your Windows and Internet Explorer up to date; not much point doing anything else 'til that's been done.

Then, get busy HERE


If you need help uninstalling either Kazaa or MessengerPlus, or if there is some reason you can't update Windows and Internet Explorer, lemme know.
 
woggo
 
  1  
Reply Thu 29 Sep, 2005 05:26 pm
Hi Timberlandko

I have done as much as I can but I am still getting a stupid searchbar when I open Internet Explorer. I also get icons on my desktop that I cannot remove, Casino online and cellphone ringtones etc.
Here are the logs you asked for, thanks for your help.

Logfile of HijackThis v1.99.1
Scan saved at 00:15:52, on 30/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\keyhook.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Apps\Powercinema\PCMService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\hijack_this\hijackthis\HijackThis.exe
C:\hijack_this\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.rquljxjodcouniylmfktw.com/hxLNK6V0jtlAarCtL7mOhrerTTE/56xIRmyscFeAC6g9WyE_bZSXIEw1SMsGp96P.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus C46 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P32 "EPSON Stylus C46 Series (Copy 1)" /O6 "USB002" /M "Stylus C46"
O4 - HKLM\..\Run: [WindowsUpdate] C:\Program Files\Sony\Services\svchost.exe /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Trans Funk Math Internet] C:\Documents and Settings\All Users\Application Data\Curb Bait Trans Funk\Joy Two.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [inter dash grim meal] C:\Documents and Settings\All Users\Application Data\4 Cdrom Inter Dash\axis ball.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [CPQHotkeys] hotkeysvc.exe
O4 - HKCU\..\Run: [ho2qRRfnj] cmcryobj.exe
O4 - HKCU\..\Run: [bleh bash] C:\DOCUME~1\scott\APPLIC~1\ONEWAY~1\window 2.exe
O4 - HKCU\..\RunServices: [CPQHotkeys] hotkeysvc.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {2B0526C6-E987-4DB3-8977-37260E442D5C} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {2B0526C6-E987-4DB3-8977-37260E442D5C} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {776560D8-548D-4F3D-824A-AF52DBEF94AA} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {776560D8-548D-4F3D-824A-AF52DBEF94AA} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {D7C9845A-5C32-41E4-878A-E94DF1778C0A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {D7C9845A-5C32-41E4-878A-E94DF1778C0A} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {E971DDBF-01A7-4A16-ABEB-51546DEB4CA5} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {E971DDBF-01A7-4A16-ABEB-51546DEB4CA5} - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} - http://adserver.sharewareonline.com/adserver/Install.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,910,0
O16 - DPF: {5CB462DA-AF62-1214-3470-4000120A40FF} - http://69.50.182.94/1/rdgFR1953.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121073347623
O16 - DPF: {6EB61DDE-6BB1-30FA-E821-15774D8BEDA5} - http://69.50.182.94/1/rdgFR1953.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4592/mcfscan.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://66.117.37.13/gba10.exe
O20 - AppInit_DLLs: inkxfmjvsxrmg.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: Norton Unerase Protection (NProtectService) - Unknown owner - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 21:57:03, 29/09/2005
+ Report-Checksum: 63B73E55

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{4418DD4D-7265-4c32-BC0A-3FDB3C2DA938} -> Spyware.XXXToolbar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3} -> Spyware.Need2Find : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{4D1C4E8C-A32A-416B-BCDB-33B3EF3617D3} -> Spyware.Need2Find : Cleaned with backup
HKLM\SOFTWARE\Classes\ISTprotect.Protecter\CLSID\\ -> Spyware.XXXToolbar : Cleaned with backup
HKLM\SOFTWARE\Classes\ISTprotect.Protecter.1\CLSID\\ -> Spyware.XXXToolbar : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\IST -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTbarISTbar -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Need2FindBar Uninstall -> Spyware.Need2Find : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ISTprotect.dll\\.Owner -> Spyware.XXXToolbar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ISTprotect.dll\\{4418DD4D-7265-4C32-BC0A-3FDB3C2DA938} -> Spyware.XXXToolbar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaTicketsInstaller.ocx\\.Owner -> Spyware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaTicketsInstaller.ocx\\{9EB320CE-BE1D-4304-A081-4B4665414BEF} -> Spyware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/mfc42.dll\\{9EB320CE-BE1D-4304-A081-4B4665414BEF} -> Spyware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/msvcrt.dll\\{9EB320CE-BE1D-4304-A081-4B4665414BEF} -> Spyware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/olepro32.dll\\{9EB320CE-BE1D-4304-A081-4B4665414BEF} -> Spyware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Need2FindBar Uninstall -> Spyware.Need2Find : Cleaned with backup
HKLM\SOFTWARE\Need2Find -> Spyware.Need2Find : Cleaned with backup
HKLM\SOFTWARE\Need2Find\bar -> Spyware.Need2Find : Cleaned with backup
HKLM\SOFTWARE\Need2Find\bar\Partner -> Spyware.Need2Find : Cleaned with backup
C:\Documents and Settings\scott\Cookies\[email protected][1].txt -> Spyware.Cookie.Euroclick : Cleaned with backup
C:\Documents and Settings\scott\Local Settings\Temp\allstar.exe -> TrojanDownloader.Small.avw : Cleaned with backup
C:\Documents and Settings\scott\Local Settings\Temp\Del1AF.tmp -> Spyware.180Solutions : Cleaned with backup
C:\Documents and Settings\scott\Local Settings\Temp\mySetp.exe -> Spyware.MyWebSearch : Cleaned with backup
C:\Documents and Settings\scott\Local Settings\Temp\pps.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Documents and Settings\scott\Local Settings\Temp\res219.tmp -> Spyware.180Solutions : Cleaned with backup
C:\Documents and Settings\scott\Local Settings\Temp\Temporary Internet Files\Content.IE5\36P032FL\zloader[1].exe -> TrojanDropper.Small.ty : Cleaned with backup
C:\Documents and Settings\scott\Local Settings\Temp\Temporary Internet Files\Content.IE5\49EFCJUB\gba1754[1].exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\scott\Local Settings\Temp\tt_reco.exe -> TrojanDropper.Agent.ch : Cleaned with backup
C:\Documents and Settings\scott\My Documents\My Received Files\Messenger Plus! - Setup.exe/sponsor.exe -> TrojanDownloader.Swizzor.ag : Cleaned with backup
C:\lo-309993617.exe -> TrojanDownloader.Small.agq : Cleaned with backup
C:\lo2057305069.exe -> TrojanDownloader.Small.agq : Cleaned with backup
C:\Program Files\Aprps\CxtPls.dll -> TrojanDownloader.Apropo.ag : Cleaned with backup
C:\Program Files\Aprps\CxtPls.exe -> TrojanDownloader.Apropo.ag : Cleaned with backup
C:\Program Files\MyEmoticons\VVSN_MYEM0841Inst.exe -> Adware.SaveNow : Cleaned with backup
C:\Program Files\Need2Find -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Need2Find\bar -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Need2Find\bar\1.bin -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Need2Find\bar\1.bin\N2FFXTBR.JAR -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Need2Find\bar\1.bin\N2NTSTBR.JAR -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Need2Find\bar\1.bin\N2PLUGIN.DLL -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Need2Find\bar\1.bin\NPND2FN.DLL -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Need2Find\bar\1.bin\PARTNER.DAT -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Uninstall My Web Search.dll -> Spyware.MyWebSearch : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\gba10.exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\gba1754.exe -> Heuristic.Win32.Dialer : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\gba10.exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\gba1754.exe -> Heuristic.Win32.Dialer : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\RCX21A.tmp -> Spyware.180Solutions : Cleaned with backup
C:\WINDOWS\iccontrol.exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\system32\trf32.dll -> TrojanDownloader.Small.avw : Cleaned with backup
C:\WINDOWS\system32\wppp.html -> Spyware.PSGuard : Cleaned with backup


::Report End


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 00:15:06, 30/09/2005
+ Report-Checksum: FE3E0B0F

+ Scan result:

No infected objects found.


::Report End