Post #1, Dec 22 2004, 11:55 PM
New Member (Group: Members, Posts: 3, Joined: 22-December 04, Member No.: 7,695)
The first is that I seem to have the 404ad.net redirect. Many websites I try to access get the redirect. Here is the HijackThis log:

Logfile of HijackThis v1.99.0
Scan saved at 11:47:16 PM, on 12/22/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\WINDOWS\System32\ltmsg.exe
C:\Program Files\Compaq\EAB\EabServr.exe
C:\Program Files\Compaq\Hotkey Software\hkss.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\uvrnhkm.exe
C:\Program Files\D-Link Air\Air.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Semagic\LiveJournalU.exe
C:\Program Files\Kazaa Lite K++\KazaaLite.kpp
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AEB076DC-B566-F96F-14A0-BB024AD67712} - C:\WINDOWS\Jjficlav.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Search - {8578214E-26F8-C66C-D69C-F823F8DC4A9F} - C:\WINDOWS\Jjficlav.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
O4 - HKLM\..\Run: [hkss] C:\Program Files\Compaq\Hotkey Software\hkss.exe
O4 - HKLM\..\Run: [Cpqset] c:\compaq\cpqsetup\cpqset.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [JavaUpdate0.07] C:\WINDOWS\System32\uvrnhkm.exe
O4 - Global Startup: D-Link Air.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISEXEng - Unknown - C:\WINDOWS\System32\angelex.exe

So there it is. Also, the other problem I have is that I cannot seem to install the new Windows Service Pack. Every time I try it says that it was unable to install but doesn't give a reason.

Another problem I am having is that in my C drive I have something called 'bla' which I think I have read is a backdoor thing. Anyone know how to get rid of it? And there is also something called "Counter" but I don't know what it is or if it is harmful or not.

Hopefully someone can help. Thanks in advance!
Post #2, Dec 23 2004, 04:50 PM
Bleep Bleep! (Group: Admin, Posts: 29,367, Joined: 24-January 04, From: USA, Member No.: 3)
Do you have a file called c:\windows\system32\ms0b920b.dll?
Print out these instructions and then close all windows including Internet Explorer. Then I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here: How to see hidden files in Windows

Reboot your computer into Safe Mode.

Run HijackThis again, click scan, and put a checkmark next to each of these. Then click the Fix button:

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {AEB076DC-B566-F96F-14A0-BB024AD67712} - C:\WINDOWS\Jjficlav.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: Search - {8578214E-26F8-C66C-D69C-F823F8DC4A9F} - C:\WINDOWS\Jjficlav.dll
O4 - HKCU\..\Run: [JavaUpdate0.07] C:\WINDOWS\System32\uvrnhkm.exe
O23 - Service: ISEXEng - Unknown - C:\WINDOWS\System32\angelex.exe

Then delete these files or directories (do not be concerned if they do not exist):

C:\WINDOWS\Jjficlav.dll
C:\WINDOWS\System32\nvms.dll
C:\WINDOWS\System32\mscb.dll
C:\WINDOWS\System32\msbe.dll
C:\WINDOWS\Jjficlav.dll
C:\WINDOWS\System32\uvrnhkm.exe
C:\WINDOWS\System32\angelex.exe

Then click on Start, then Run, and type

sc delete ISEXEng

and press the OK button.

Reboot your computer to go back to normal mode and post a new log.

--------------------
Lawrence
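
As an added example (not part of the original thread and not part of HijackThis): a small Python check that parses HijackThis entry lines and reports which entries selected for fixing show up again in a follow-up log. The fix-list entries are copied from the post above; the follow-up log is constructed for illustration, and the function names are this example's own.

```python
import re

# A HijackThis entry line is "<section code> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_entries(text):
    """Return normalised (code, body) pairs for each entry line in a log or fix list."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            # Collapse whitespace and lower-case: Windows paths and registry
            # names are case-insensitive, and forum copies vary in spacing.
            entries.append((m.group(1), " ".join(m.group(2).split()).lower()))
    return entries

def still_present(fix_list, new_log):
    """Entries that were selected for fixing but appear again in the follow-up log."""
    after = set(parse_entries(new_log))
    return [e for e in parse_entries(fix_list) if e in after]

# Entries taken from the fix list in the post above (subset).
FIX_LIST = r"""
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {AEB076DC-B566-F96F-14A0-BB024AD67712} - C:\WINDOWS\Jjficlav.dll
O4 - HKCU\..\Run: [JavaUpdate0.07] C:\WINDOWS\System32\uvrnhkm.exe
O23 - Service: ISEXEng - Unknown - C:\WINDOWS\System32\angelex.exe
"""

# Constructed follow-up log (not from the thread): the Run entry has come back,
# with different letter case, and the other fixed entries are gone.
NEW_LOG = r"""
Logfile of HijackThis v1.99.0
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKCU\..\Run: [JavaUpdate0.07] C:\WINDOWS\system32\uvrnhkm.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

if __name__ == "__main__":
    for code, body in still_present(FIX_LIST, NEW_LOG):
        print("still present:", code, body)
```

An entry that reappears after a fix and reboot usually means something is still running that rewrites it, so the helper would look at the new log's running processes and services next.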