Post #1 (Mar 8 2005, 05:41 PM)
New Member, Group: Members, Posts: 2, Joined: 8-March 05, Member No.: 13,900
Scan saved at 2:34:02 PM, on 3/8/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Parallel Tasking\ptask.exe
C:\WINDOWS\otioc.exe
C:\Program Files\Pop-Up No-No\punn.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\Documents and Settings\user\Desktop\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\user\LOCALS~1\Temp\sp.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\user\LOCALS~1\Temp\sp.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\Downloaded Program Files\ycomp5_3_18_0.dll
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2BA27A08-8EED-4296-B8DE-7977EE7139E7} - C:\WINDOWS\System32\ekh.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Canada Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\ycomp5_3_18_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [Parallel Tasking] C:\Program Files\Parallel Tasking\ptask.exe
O4 - HKLM\..\Run: [IR3t] C:\WINDOWS\otioc.exe
O4 - HKLM\..\Run: [PopUpNoNo] "C:\Program Files\Pop-Up No-No\punn.exe" -startup
O4 - HKLM\..\Run: [Zu•í$RÚ½ûëÁ¹rÜD/¢’¼C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\otioc.exe
O4 - HKLM\..\Run: [Zu•í$RÚ½ûëÁ¹rÜD/¢›¸C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\otioc.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\RunServices: [Update Service] wmipsvsc.exe
O4 - HKLM\..\RunServices: [scvhost.exe] scvhost.exe
O4 - HKLM\..\RunServices: [Generic Service Process] serv1ces.exe
O4 - HKLM\..\RunServices: [File System Service] wmiprvsc.exe
O4 - HKLM\..\RunServices: [Msrv32] Msrv32.exe
O4 - HKLM\..\RunServices: [Microsoft Update] Microsoft.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Canada Companion) - http://us.dl1.yimg.com/download.companion....bio5_3_18_0.cab
O18 - Filter: text/html - {29BC84C2-009F-46E7-878B-F6EDBC11D2FC} - C:\WINDOWS\System32\ekh.dll
O18 - Filter: text/plain - {29BC84C2-009F-46E7-878B-F6EDBC11D2FC} - C:\WINDOWS\System32\ekh.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe

Post #2 (Mar 9 2005, 03:56 AM)
Malware Killer Dog, Group: HJT Team, Posts: 16,525, Joined: 18-February 05, From: Belgium, Member No.: 12,408
Hi there,
* Download and install CCleaner. Do not use it yet. Download CWShredder. Don't let it run yet!
* Please set your system to show all files.
Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders. Uncheck: Hide file extensions for known file types. Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK.
* Close all open windows leaving only HijackThis running. Place a check against each of the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\user\LOCALS~1\Temp\sp.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\user\LOCALS~1\Temp\sp.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL (file missing)
O2 - BHO: (no name) - {2BA27A08-8EED-4296-B8DE-7977EE7139E7} - C:\WINDOWS\System32\ekh.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O4 - HKLM\..\Run: [Parallel Tasking] C:\Program Files\Parallel Tasking\ptask.exe
O4 - HKLM\..\Run: [IR3t] C:\WINDOWS\otioc.exe
O4 - HKLM\..\Run: [Zu•í$RÚ½ûëÁ¹rÜD/¢’¼C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\otioc.exe
O4 - HKLM\..\Run: [Zu•í$RÚ½ûëÁ¹rÜD/¢›¸C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\otioc.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\RunServices: [scvhost.exe] scvhost.exe
O4 - HKLM\..\RunServices: [Generic Service Process] serv1ces.exe
O4 - HKLM\..\RunServices: [File System Service] wmiprvsc.exe
O4 - HKLM\..\RunServices: [Msrv32] Msrv32.exe
O4 - HKLM\..\RunServices: [Microsoft Update] Microsoft.exe
O18 - Filter: text/html - {29BC84C2-009F-46E7-878B-F6EDBC11D2FC} - C:\WINDOWS\System32\ekh.dll
O18 - Filter: text/plain - {29BC84C2-009F-46E7-878B-F6EDBC11D2FC} - C:\WINDOWS\System32\ekh.dll
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe

* Click on Fix Checked when finished and exit HijackThis.
* Reboot into Safe Mode:
°To get into the Safe mode as the computer is booting press and hold your "F8 Key". Use your arrow keys to move to "Safe Mode" and press your Enter key.
Using Windows Explorer, locate the following files/folders, and delete them:
C:\Program Files\Parallel Tasking <== this folder
C:\WINDOWS\otioc.exe
C:\Program Files\ISTsvc <== this folder
C:\WINDOWS\zeta.exe
* Start CWShredder and click FIX
* Start Ccleaner and click Run Cleaner
* Reboot your system back to normal mode

Just to make sure....
°Download Registrar Lite from: http://www.resplendence.com/download/reglite.exe and install it.
°Run Registrar Lite and copy and paste the following into the address-field on top:
CODE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
*Select the green arrow go.
*On the right side panel, you will see 'Appinit_Dlls', so double-click on it.
*A window will open (Data Editor) and below you will see 'Value' and a field next to it with a file in it, so copy and paste into your next post together with a new HijackThis log.

--------------------
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here! Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
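
The step in post #2 of ticking exactly the listed entries can be checked mechanically against the log it was written for. The following is an added example, not part of the original thread or of HijackThis: it recovers the entries from a log whose line breaks were lost, then reports fix-list lines that do not occur in the log and log entries left unticked. The function names and the `LOG`/`FIX` excerpts (taken from the two posts above) are chosen for this illustration.

```python
import re

# HijackThis prefixes each entry with a section code: R0-R3, F0-F3, N1-N4, O1-O24.
PREFIX = r"(?:[RFN]\d|O\d{1,2}) - "
# Markers HijackThis itself prints; all three occur in the log in this thread.
MARKERS = ("(file missing)", "(no file)", "Unknown owner")

def split_entries(text):
    """Recover the entries from a log whose line breaks were lost in pasting."""
    chunks = re.split(r"\s+(?=" + PREFIX + ")", text.strip())
    # Header text (scan time, running processes) carries no section code: drop it.
    return [" ".join(c.split()) for c in chunks if re.match(PREFIX, c)]

def parse(entry):
    """Return (section code, body, markers found) for one entry."""
    section, body = entry.split(" - ", 1)
    return section, body, [m for m in MARKERS if m in body]

def reconcile(log_text, fix_text):
    """Compare a fix list with the log it was written for."""
    log, fixes = split_entries(log_text), split_entries(fix_text)
    kept = [e for e in log if e not in fixes]
    return {
        "not_in_log": [f for f in fixes if f not in log],  # mistyped or stale
        "kept": kept,                                      # left unticked
        "marked_but_kept": [e for e in kept if parse(e)[2]],
    }

# Excerpt of the log in post #1, run together the way a forum paste can be.
LOG = " ".join([
    r"Scan saved at 2:34:02 PM, on 3/8/2005 Running processes: C:\WINDOWS\otioc.exe",
    r"R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)",
    r"O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"
    r" - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll",
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup",
    r"O4 - HKLM\..\Run: [IR3t] C:\WINDOWS\otioc.exe",
    r"O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe",
])
# The matching lines from the fix list in post #2.
FIX = " ".join([
    r"R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)",
    r"O4 - HKLM\..\Run: [IR3t] C:\WINDOWS\otioc.exe",
    r"O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe",
])

if __name__ == "__main__":
    for key, entries in reconcile(LOG, FIX).items():
        print(key, len(entries), *entries, sep="\n  ")
```

An empty `not_in_log` list means every line of the fix list was found verbatim in the log; `marked_but_kept` lists any entry carrying one of the three markers that the fix list leaves alone.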

Post #3 (Mar 9 2005, 04:32 AM)
New Member, Group: Members, Posts: 2, Joined: 8-March 05, Member No.: 13,900
miekiemoes thank you very much for taking the time in answering my question! I'm glad to see that there are still people out there who help others. I will try what you suggested, thanks again!
XTN

Post #4 (Mar 10 2005, 11:11 AM)
Malware Killer Dog, Group: HJT Team, Posts: 16,525, Joined: 18-February 05, From: Belgium, Member No.: 12,408
Hi xtn,
Don't forget to post a new hijackthislog after finishing these steps. ;-)
This post has been edited by miekiemoes: Mar 10 2005, 11:11 AM