
HJT - Bluelurker


2 replies to this topic

#1 bluelurker


Posted 14 February 2005 - 10:42 AM

Hi guys, here is my HijackThis log:

Logfile of HijackThis v1.99.0
Scan saved at 11:29:30 PM, on 2/14/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Matinsoft\GoldTach\GoldTach.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\aalku\Web Window Killer\WebWindowKiller.exe
C:\Program Files\iolo\Common\Task Agent\task_agent.exe
C:\Program Files\AOL 7.0\waol.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\usrshutd.exe
C:\WINDOWS\System32\winmsdc.exe
C:\WINDOWS\System32\vwipxspnt.exe
C:\Documents and Settings\ANDREW\Desktop\SYSTEM TOOLS\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/imghp?num=100&hl=...f&output=search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - Advanced - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [GoldTach] C:\Program Files\Matinsoft\GoldTach\GoldTach.exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\RunOnce: [System Mechanic Cache Cleanup] C:\Program Files\iolo\System Mechanic\SysMechanic.exe /CompleteCache
O4 - HKCU\..\Run: [Web Window Killer] "C:\Program Files\aalku\Web Window Killer\WebWindowKiller.exe" hidden
O4 - HKCU\..\Run: [iolo Task Agent] C:\Program Files\iolo\Common\Task Agent\task_agent.exe
O4 - HKCU\..\Run: [Clean Registry at StartUp] C:\Program Files\iolo\System Mechanic\SysMechanic.exe /RegistryClean
O4 - HKCU\..\Run: [Erase History at StartUp] C:\Program Files\iolo\System Mechanic\SysMechanic.exe /CleanHistory
O4 - HKCU\..\Run: [Clean Junk Files at StartUp] C:\Program Files\iolo\System Mechanic\SysMechanic.exe /CleanJunk
O10 - Unknown file in Winsock LSP: c:\windows\system32\tasi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tasi.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O15 - Trusted Zone: http://*.63.219.181.7
O17 - HKLM\System\CCS\Services\Tcpip\..\{123FBD5C-A5C1-43CC-A77E-7DCB2BFFD974}: NameServer = 202.67.65.134
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DDDF690-A10D-4EDB-9CEB-DF751735276B}: NameServer = 69.50.188.180,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{31862759-D854-42BC-90C4-98C021A16757}: NameServer = 69.50.188.180,195.225.176.31
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Hope you can help. If you have the time, here is a link to my other problems, hoping you could help with them.
http://www.bleepingcomputer.com/forums/t/11233/need-help/
Thanks in advance.



#2 Grinler

    Lawrence Abrams



Posted 15 February 2005 - 06:19 PM

Download remv3.zip from here:

http://forums.skads.org/index.php?act=Attach&type=post&id=87

and save it on your desktop. Then extract the zip file to c:\ms4hd.

Boot your computer into Safe Mode. Instructions on how to do this can be found here:

How to boot Windows into Safe Mode

Navigate to c:\ms4hd and double-click on the remv3.bat file. When it is done it will open a log file of what it found. This log file is saved in c:\log.txt.

Reboot your computer back to normal mode and post the contents of c:\log.txt. To open it, click on start, then run, and type notepad c:\log.txt and press the OK button.

A notepad will open up. Please create a reply to this message and post the contents of that notepad along with a new hijackthis log.

#3 bluelurker


Posted 21 February 2005 - 08:54 AM

Thanks for the help with my PC problem. I ended up getting the IT guy from work to sort it out, seeing as it was a company PC. Thank you for taking the time in your offer of help; I have recommended this site to others at work. Once again, thank you.



