
HiJackThis LOG - Please Help



#1 gualmonte


Posted 19 March 2005 - 01:49 PM

Hello, can you please tell me if there is anything wrong?
My father made some mistakes with my pc, and I'm not really sure that it is still safe.

THANK YOU :thumbsup:


Logfile of HijackThis v1.98.2
Scan saved at 19.36.44, on 19/03/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\System32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
H:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
H:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Programmi\File comuni\Symantec Shared\ccProxy.exe
H:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
H:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
H:\WINDOWS\System32\HPZipm12.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
H:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe
H:\WINDOWS\System32\hphmon05.exe
H:\Programmi\File comuni\Symantec Shared\ccApp.exe
H:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
H:\Programmi\File comuni\Real\Update_OB\realsched.exe
H:\Programmi\Microsoft AntiSpyware\gcasServ.exe
H:\WINDOWS\System32\ctfmon.exe
H:\Programmi\Messenger\msmsgs.exe
H:\Programmi\Microsoft AntiSpyware\gcasDtServ.exe
H:\WINDOWS\System32\wuauclt.exe
H:\Programmi\MSN Messenger\msnmsgr.exe
H:\Documents and Settings\account\Impostazioni locali\Temp\Directory temporanea 1 per hijackthis.zip\HijackThis.exe

O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - H:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - H:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - H:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - H:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] H:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] H:\Programmi\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Software Update] "H:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] H:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ccApp] "H:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] H:\Programmi\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [ATIPTA] H:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] H:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [TkBellExe] "H:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [gcasServ] "H:\Programmi\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] H:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "H:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = H:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab


#2 OldTimer

Malware Expert

Posted 19 March 2005 - 03:18 PM

Hello gualmonte and welcome to the BC forums. You are currently running an older version of HijackThis. Please click on the link below and download the most current version: HijackThis_sfx.exe
Delete your current HijackThis.exe file and double-click on the file you just downloaded to install the newer version.

Start HijackThis and perform a new scan. Post your new log file back here as a reply to this topic and I will review it when it comes in.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 gualmonte


Posted 21 March 2005 - 08:35 AM

Hello, this is the new log with the new version of HiJackThis.

Thanks!



Logfile of HijackThis v1.99.1
Scan saved at 14.34.06, on 21/03/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\System32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
H:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
H:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Programmi\File comuni\Symantec Shared\ccProxy.exe
H:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
H:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
H:\WINDOWS\System32\HPZipm12.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
H:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe
H:\WINDOWS\System32\hphmon05.exe
H:\Programmi\File comuni\Symantec Shared\ccApp.exe
H:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
H:\Programmi\File comuni\Real\Update_OB\realsched.exe
H:\Programmi\Microsoft AntiSpyware\gcasServ.exe
H:\Programmi\Conexant\CnxDslTb.exe
H:\WINDOWS\System32\ctfmon.exe
H:\Programmi\Messenger\msmsgs.exe
H:\Programmi\Microsoft AntiSpyware\gcasDtServ.exe
H:\WINDOWS\System32\wuauclt.exe
H:\Programmi\Internet Explorer\iexplore.exe
H:\Documents and Settings\account\Desktop\HijackThis\HijackThis.exe

O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - H:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - H:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - H:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - H:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] H:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] H:\Programmi\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Software Update] "H:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] H:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ccApp] "H:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] H:\Programmi\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [ATIPTA] H:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] H:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [TkBellExe] "H:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [gcasServ] "H:\Programmi\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] H:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [sp] rundll32 H:\DOCUME~1\account\IMPOST~1\Temp\se.dll,DllInstall
O4 - HKLM\..\Run: [CnxDslTaskBar] H:\Programmi\Conexant\CnxDslTb.exe
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "H:\Programmi\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = H:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O23 - Service: Ati HotKey Poller - Unknown owner - H:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - H:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - H:\Programmi\File comuni\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - H:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - H:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - H:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - H:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - H:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - H:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - H:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - H:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe

#4 OldTimer

Malware Expert

Posted 21 March 2005 - 02:35 PM

Hi gualmonte. I see one item that needs our attention. Please follow the directions below.

Start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:

O4 - HKLM\..\Run: [sp] rundll32 H:\DOCUME~1\account\IMPOST~1\Temp\se.dll,DllInstall

Now close ALL open windows except HijackThis and click the Fix Checked button to finish the repair.

We need to make sure all hidden files are showing so please:
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.

Find the following files/folders and delete them (don't worry if they are already gone):

H:\Documents and Settings\account\<the directory that starts with "IMPOST">\Temp\se.dll

Next, let's clean up the temporary folders:
* Click Start
* Point to Programs
* Point to Accessories
* Point to System Tools
* Click Disk Cleanup
* Select the following items and then click the OK button.
  * Temp Setup Files
  * Downloaded Program Files
  * Temp Internet Files
  * Debug Dump Files
  * Office Setup Files
  * old chkdsk files
  * Recycle Bin
  * Temp Remote Desktop Files
  * Setup Log Files
  * Temp Files
  * WebClient temp files

OK. Reboot your computer normally, start HijackThis and perform a new scan. Post your new log file back here using the Add Reply button and I will review it when it comes in.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
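
The log comparison behind the reply above, as an added example that is not part of the original posts or of HijackThis itself: it diffs the O4 registry autorun lines of two logs and flags the new entries. The two flag rules (rundll32 launcher, Temp-directory target) are assumptions chosen to match the entry singled out in this thread, and all function names are hypothetical.

```python
import re

# Sample input: a few O4 lines excerpted from the two logs posted in this thread.
OLD_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "H:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\System32\ctfmon.exe
"""
NEW_LOG = OLD_LOG + r"""
O4 - HKLM\..\Run: [sp] rundll32 H:\DOCUME~1\account\IMPOST~1\Temp\se.dll,DllInstall
O4 - HKLM\..\Run: [CnxDslTaskBar] H:\Programmi\Conexant\CnxDslTb.exe
"""

# Matches "O4 - <hive>\..\<key>: [<value name>] <command line>".
O4_RUN = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")

def parse_autoruns(log_text):
    """Return {(hive, key, name): command} for every O4 registry autorun line."""
    entries = {}
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if m:
            hive, key, name, command = m.groups()
            entries[(hive, key, name)] = command
    return entries

def reasons(command):
    """Assumed heuristics: reasons an autorun command line deserves a closer look."""
    lowered = command.lower()
    found = []
    if re.match(r'"?(\S*\\)?rundll32(\.exe)?"?\s', lowered):
        found.append("launched through rundll32")
    if re.search(r"\\(temp|tmp)\\", lowered):
        found.append("target in a Temp directory")
    return found

def review(old_log, new_log):
    """List autoruns that are new or changed since old_log, with any flags."""
    old, new = parse_autoruns(old_log), parse_autoruns(new_log)
    return [(name, cmd, reasons(cmd))
            for (hive, key, name), cmd in new.items()
            if old.get((hive, key, name)) != cmd]

if __name__ == "__main__":
    for name, cmd, why in review(OLD_LOG, NEW_LOG):
        print(f"[{name}] {cmd} -> {', '.join(why) or 'new, no flag'}")
```

An unflagged new entry such as CnxDslTaskBar still shows up in the diff, so a reviewer sees every startup change between scans and not only the ones the heuristics catch.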
