Jump to content

My Hijack this log - Need help!!!!


jamie

Recommended Posts

Many thanks in advance... :D

Logfile of HijackThis v1.99.1

Scan saved at 00:26:57, on 27.11.2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\d3tu.exe

C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe

C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe

C:\Programme\Norton Internet Security\ISSVC.exe

C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe

C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe

C:\Programme\Analog Devices\SoundMAX\SMAgent.exe

C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe

C:\Programme\Java\jre1.5.0_03\bin\jusched.exe

C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe

C:\WINDOWS\System32\rmctrl.exe

C:\WINDOWS\system32\atlqn.exe

C:\WINDOWS\system32\wscntfy.exe

F:\Tools\wwwsearch removal\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\gfsjm.dll/sp.html#37049

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\gfsjm.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\gfsjm.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\gfsjm.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\gfsjm.dll/sp.html#37049

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\gfsjm.dll/sp.html#37049

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\gfsjm.dll/sp.html#37049

R3 - Default URLSearchHook is missing

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Class - {1BE22BEC-1D4B-238E-0CAA-4D49A69DBEE8} - C:\WINDOWS\ipmj32.dll (file missing)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll

O2 - BHO: Class - {AD1DBCC5-1F76-3EE9-F75D-5E646CBA5DF8} - C:\WINDOWS\systf.dll (file missing)

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O2 - BHO: Class - {D4EE5CE6-9ADD-6B2D-F141-C9A1BCE869E4} - C:\WINDOWS\system32\ievz.dll (file missing)

O2 - BHO: Class - {EA1C9599-38EA-A706-7B47-FE7D9CD0589B} - C:\WINDOWS\system32\crtr32.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programme\Java\jre1.5.0_03\bin\jusched.exe

O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\System32\rmctrl.exe

O4 - HKLM\..\Run: [atlqn.exe] C:\WINDOWS\system32\atlqn.exe

O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\programme\google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MSOFFI~1\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\programme\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - https://ssl.tele2.com/inc/accounthelper.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{7768292A-4FF2-4DAA-9C4E-4E37E314760E}: NameServer = 130.244.127.161,130.244.127.169

O23 - Service: Remote Procedure Call (RPC) Helper ( 11F

Link to post
Share on other sites

Hello jamie and Welcome! :D

Sorry you're having malware trouble.

PLEASE PRINT OUT THESE INSTRUCTIONS BEFORE PROCEEDING.

PLEASE FOLLOW ALL THE STEPS SLOWLY AND CAREFULLY.

STEP 1:

Please make sure that you can view all hidden files. Instructions can be found here.

After enabling hidden files, for Windows XP, go to Start, Search, All Files and Folders, scroll down and find "More Advanced Options". Make sure "Search System Folders" and "Search hidden files and folders" and "Search system subfolders" are all checked.

STEP 2:

Download AboutBuster from RubbeR DuckY here

In the Save in: window, find C:\Spyware Tools and click the Save button.

Inside the Spyware Tools folder, extract all files from AboutBuster.zip inside its own folder named AboutBuster.

Double-click AboutBuster.exe and press Update to make sure you have the latest reference file version.

NOTE: You might want to view this AboutBuster tutorial here first before running the tool.

Don't run it yet, we will use it later.

STEP 3:

Download and install the latest version of Ad-Aware SE here

NOTE: If you are still using Ad-Aware 6, go to Add/Remove Programs in the Control Panel and uninstall it now before installing Ad-Aware SE.

Please configure the program by following these instructions here.

Before scanning click on "Check for updates now" to make sure you have the latest reference file.

Don't run it yet, we will use it later.

STEP 4:

Download and install the Ewido Security Suite

NOTE: The Ewido Security Suite utility will not install on Windows 95, 98, ME, or NT. The minimum system requirements for Ewido Security Suite is: Windows 2000 or Windows XP.

  • 1.) Download and install the Ewido Security Suite
here
2.) IMPORTANT! When the Additional Options screen comes up, uncheck Install background guard and and Install scan via context menu, click Install.
3.) Double-click on the new e Ewido shortcut on the desktop to open the program.
4.) On the upper LH side column, click on the Update button.
(This will update the program with all the latest signature files.)
Don't run it yet, we will use it later.

STEP 5: Copy the contents of the Quote Box below to Notepad. Name the file as hsafix.reg. Change the Save as Type to All Files, Save this file on the desktop. Please DO NOT include the word QUOTE when saving the file.

Don't double-click it yet, we will use it later.

REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_O?*001E*2019*017DRT*00F1*00E5*00C8*00B2$*000E*00D3][-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_O?*001E*2019*017DRT*00F1*00E5*00C8*00B2$*000E*00D3\0000]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_O?*001E*2019*017DRT*00F1*00E5*00C8*00B2$*000E*00D3\0000]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_O?*001E*2019*017DRT*00F1*00E5*00C8*00B2$*000E*00D3\0000]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_11F

Link to post
Share on other sites

Here we go - please tell me it worked! Brilliant help too btw :D

Logfile of HijackThis v1.99.1

Scan saved at 22:28:45, on 28.11.2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe

C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe

C:\Programme\ewido\security suite\ewidoctrl.exe

C:\Programme\ewido\security suite\ewidoguard.exe

C:\Programme\Norton Internet Security\ISSVC.exe

C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe

C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe

C:\Programme\Analog Devices\SoundMAX\SMAgent.exe

C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Programme\Java\jre1.5.0_03\bin\jusched.exe

C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe

C:\WINDOWS\System32\rmctrl.exe

C:\Programme\Messenger\msmsgs.exe

C:\WINDOWS\system32\wuauclt.exe

F:\Tools\wwwsearch removal\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programme\Java\jre1.5.0_03\bin\jusched.exe

O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\System32\rmctrl.exe

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\programme\google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MSOFFI~1\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\programme\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - https://ssl.tele2.com/inc/accounthelper.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{7768292A-4FF2-4DAA-9C4E-4E37E314760E}: NameServer = 130.244.127.161,130.244.127.169

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe

O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido\security suite\ewidoctrl.exe

O23 - Service: ewido security suite guard - ewido networks - C:\Programme\ewido\security suite\ewidoguard.exe

O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programme\Norton Internet Security\ISSVC.exe

O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\Sptisrv.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe

Link to post
Share on other sites

Nice Work!

Your log looks much better. :D

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

Your log shows that you have disabled some startup programs using MSConfig.

This is not recommended because I cannot clearly see everything that is loading on your computer at startup. To enable all startup items quickly, please follow these instructions:

  • 1.) Go to Start, Run, and type msconfig and click OK
    2.) If not already selected go to the General tab.
    3.) Under Startup Selection select "Normal Startup - load all device drivers and services".
    4.) Click Apply and then Close.
    5.) When given the option, please choose to reboot the computer.
    6.) Post a new HJT log here in this thread when you are done.
Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.