HiJackThis Log HELP!

Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Want a New HP LaserJet MFP? Trade in your old printer and receive $1,000 in savings!
Trade in your old printer and receive up to $1,000 in saving on a new HP LaserJet Multifunction Printer. Click here for savings!

BleepingComputer.com > Security > Virus, Trojan, Spyware, and Malware Removal Logs

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

DO NOT RUN ComboFix unless requested to.

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

HiJackThis Log HELP!

Options

Shibby View Member Profile	May 30 2004, 09:37 PM Post #1
Member Group: Members Posts: 85 Joined: 30-May 04 Member No.: 617	I have ran three different spyware programs and have gotten ride of all my spyware?....but i keep getting random pop-ups? I think i have something hiding. Can someone help me. Logfile of HijackThis v1.97.7 Scan saved at 7:30:08 PM, on 5/30/2004 Platform: Windows XP SP2, v.2096 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2096) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\System32\CTSvcCDA.EXE C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Gateway Wireless Monitor\WLService.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Gateway Wireless Monitor\WLanCfgBI.exe C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Norton AntiVirus\SAVScan.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE C:\Program Files\Microsoft Hardware\Mouse\point32.exe C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\taskmgr.exe C:\Documents and Settings\Kyle\Desktop\HijackThis.exe C:\Program Files\Messenger\msmsgs.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: (no name) - {3490DA43-2067-CCED-CBA7-770AB82B4F9D} - (no file) O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [POINTER] point32.exe O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0 O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM) O9 - Extra button: ICQ Pro (HKLM) O9 - Extra 'Tools' menuitem: ICQ (HKLM) O9 - Extra button: Research (HKLM) O9 - Extra button: AIM (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM) O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_42.cab O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/SassCln.CAB O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab Also, i cant get ride of a file called PrismXL. It is in two differently named folders in my Common Files. Can anyone tell me how to del. it? This post has been edited by Shibby: May 30 2004, 09:40 PM

Papakid View Member Profile	May 30 2004, 11:31 PM Post #2
Guru at being a Newbie Group: Malware Response Team Posts: 6,017 Joined: 8-April 04 Member No.: 96	Hi Shibby, First, I wouldn't worry about the PrismXL file unless you know it's causing problems such as errors with the file name included. I'm not sure what anti-spyware tools you've run, although I see you have SpySweeper installed. We recommend that you run AdAware also if you haven't already done so. I'm not sure if this is going to help, but there are a few items to be removed with HijackThis. Otherwise your log looks clean. First, you need to move HijackThis into its own permanent folder. This is important. Please follow THESE INSTRUCTIONS. It's best not to run HT from the Desktop, especially if you have more than one user account. Please make sure that you can view all hidden files. Instructions on how to do this can be found here: How to see hidden files in Windows Scan again with HijackThis. Close all other windows, put a checkmark by these entries, double-checking to be sure that only these entries are checked & then click the "Fix checked" button. O3 - Toolbar: (no name) - {3490DA43-2067-CCED-CBA7-770AB82B4F9D} - (no file) O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_42.cab O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab Reboot and post another log. Let us know if that helped. If not it would be helpful to know what has been removed with those other tools. So let me know what else you've been using--I may want to see a log from them. BTW, are you beta-testing SP2? -------------------- And I may be obliged to defend Every love every ending Or maybe there's no obligations now, Maybe I've a reason to believe We all will be received In Graceland--Paul Simon

Shibby View Member Profile	May 31 2004, 02:29 PM Post #3
Member Group: Members Posts: 85 Joined: 30-May 04 Member No.: 617	I am running Adaware, s&d, and SpySweeper. I also had put Hackthis in its on folder in C:\.Also I already show hidden files. I did what you said and del those processes and rebooted...here is my new log Logfile of HijackThis v1.97.7 Scan saved at 12:26:04 PM, on 5/31/2004 Platform: Windows XP SP2, v.2096 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2096) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\System32\CTSvcCDA.EXE C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Gateway Wireless Monitor\WLService.exe C:\Program Files\Gateway Wireless Monitor\WLanCfgBI.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Norton AntiVirus\SAVScan.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE C:\Program Files\Microsoft Hardware\Mouse\point32.exe C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe C:\WINDOWS\system32\wuauclt.exe C:\HiJackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [POINTER] point32.exe O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0 O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM) O9 - Extra button: ICQ Pro (HKLM) O9 - Extra 'Tools' menuitem: ICQ (HKLM) O9 - Extra button: Research (HKLM) O9 - Extra button: AIM (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM) O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/SassCln.CAB P.S. I am beta testing SP2

Grinler View Member Profile	May 31 2004, 07:50 PM Post #4
Bleep Bleep! Group: Admin Posts: 33,257 Joined: 24-January 04 From: USA Member No.: 3	This log is clean. I would love to hear your experiences and comments about sp2 and how it is working out for you. If you do not mind please tell us about it in this forum: Bleeping Computer Windows Forums -------------------- Lawrence Become a BleepingComputer fan: Facebook Follow us on Twitter! How to detect vulnerable programs using Secunia Personal Software Inspector <- Everyone should do this!

Papakid View Member Profile	May 31 2004, 08:55 PM Post #5
Guru at being a Newbie Group: Malware Response Team Posts: 6,017 Joined: 8-April 04 Member No.: 96	Shibby, are you still getting random popups? -------------------- And I may be obliged to defend Every love every ending Or maybe there's no obligations now, Maybe I've a reason to believe We all will be received In Graceland--Paul Simon

Shibby View Member Profile	May 31 2004, 11:34 PM Post #6
Member Group: Members Posts: 85 Joined: 30-May 04 Member No.: 617	Yeah, but not that often. I will post the links it sends me when i get another one. Its funny cause it sends me pop-ups for spyware removel software.

« Next Oldest · Virus, Trojan, Spyware, and Malware Removal Logs · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version

Time is now: 9th September 2010 - 05:35 AM

Advertise \| About Us \| Terms of Use \| Privacy Policy \| Contact Us \| Site Map \| Chat \| Tutorials \| Uninstall List
Discussion Forums \| The Computer Glossary \| Resources \| RSS Feeds \| Startups \| The File Database \| Virus Removal Guides