Hi guys. Need a little help please. Not sure where to post this, so here it is. If you can't help, please guide me if you can. Thanks.

Logfile of HijackThis v1.98.0
Scan saved at 3:18:31 AM, on 8/26/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\inetgservices.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HistoryKill\histkill.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Jamie\LOCALS~1\Temp\Rar$EX00.437\SpyWareAPP'Smalware_ helperHijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.ask.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *hot-searches.com*;*lender-search.com*
R3 - URLSearchHook: (no name) - {C7EDAB2E-D7F9-11D8-BA48-C79B0C409D70} - (no file)
O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\localNRD.dll
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\system32\nvms.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\system32\mscb.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {815A82AE-CDEF-11D8-BA48-A6D245798277} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inetgservices.exe
O4 - HKLM\..\Run: [dlcyonxoo] C:\WINDOWS\System32\yddyxs.exe
O4 - HKLM\..\Run: [Winad Client] C:\Program Files\Winad Client\Winad.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [HistoryKill] C:\Program Files\HistoryKill\histkill.exe /startup
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inetgservices.exe
O4 - HKCU\..\Run: [Scan Spyware] "C:\Program Files\ScanSpyware v3.6\Scanner.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O15 - Trusted Zone: www.mt-download.com
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...1dd4eb01d54f:eeba47ee03d937f4aaa2edc6fc4885a4
O17 - HKLM\System\CCS\Services\Tcpip\..\{13FA7341-8635-4EF0-990E-0A7AE3C473F9}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{13FA7341-8635-4EF0-990E-0A7AE3C473F9}: NameServer = 192.168.0.1

Hey big j_holmes, HijackThis has a forum that you can post that log to and they will go over it with a fine tooth comb. There are some really knowledgeable people there, not that there aren't here, but they specialize with your question. Go here, register and post your log: http://forums.tomcoyote.org/index.php?s=7acd7848286f4acb68e5873c68eb7736&act=idx

Good luck, and make sure you are running the following to keep spyware actively away:
adware 6 (for occasional checks)
spybot search and destroy (use the immunize feature for blocking)
spywareBlaster (enable the blocking features)

These programs, if used correctly, will prevent you from getting spyware and hijacks. Be sure to update often and you can beat those bastards. Here is another good site for your problems, and it makes for good reading to keep up with new progs for spyware: http://forums.spywareinfo.com/ and the place to get your apps: http://www.majorgeeks.com/

WOW - that's a lot of adware/spyware. http://www.bulletproofsoft.com download BPS Spyware Adware Remover, that will get rid of ALL of these.
Spybot and blaster work in tandem to immunize your machine from getting any malicious ware. I only occasionally run adware 6 just to make sure that nothing is getting through. They are not resource hogs so I don't really notice that they are there.
HijackThis has its own forum with INSTRUCTIONs on HOW to post your log file!! There, members that have the knowledge will gladly help you out. It could be Me!! Try it there: http://forums.spywareinfo.com/ (Edited for Typo)
Can you guys help me out here? I'm new to this program.

Logfile of HijackThis v1.98.2
Scan saved at 10:27:00 AM, on 9/18/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\KAV Shared Files\repview.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\BitTornado\btdownloadgui.exe
C:\Documents and Settings\Ryan Septer\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iastate.edu/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ss.r21.mchsi.com:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.r21.mchsi.com
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem219.dll (file missing)
O2 - BHO: twaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem302.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\system32\nvms.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\system32\mscb.dll
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\WINDOWS\system32\apuc.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [OfficeGuard RegChecker] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ogrc.exe"
O4 - HKLM\..\Run: [AVPCC] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /wait
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/clients/y/ht1_x.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1093397725892
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

Do yourself a favour - either go to the HijackThis forums or go to http://www.bulletproofsoft.com and download BPS Spyware Adware Remover - the trial will remove any problems you have.
There is a definite procedure to follow before posting HijackThis logs - Read the rules there - Please use that forum so you get help. I am not gonna start doing this in here! Sorry!