HijackThis log - Help please


4 replies to this topic

#1 jengor


Posted 21 June 2005 - 05:49 AM

Hi,
please find below my hjt log, I would appreciate help in cleaning it up. I have done updates to both AdAware and Spybot, run scans and nothing found.
Thanks :thumbsup:

Logfile of HijackThis v1.99.1
Scan saved at 11:32:03, on 21/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
K:\WINDOWS\System32\smss.exe
K:\WINDOWS\system32\winlogon.exe
K:\WINDOWS\system32\services.exe
K:\WINDOWS\system32\lsass.exe
K:\WINDOWS\system32\svchost.exe
K:\WINDOWS\System32\svchost.exe
K:\WINDOWS\system32\spoolsv.exe
K:\WINDOWS\Explorer.EXE
I:\Firewall\ZoneAlarm\zlclient.exe
K:\WINDOWS\system32\ctfmon.exe
I:\washer\wwDisp.exe
I:\AVGANT~1\avgamsvr.exe
K:\Program Files\BandwidthMeter\BandwidthMeter.exe
I:\AVGANT~1\avgupsvc.exe
K:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
K:\Program Files\BT Broadband\Help\bin\mpbtn.exe
U:\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
U:\NORTON~1\SPEEDD~1\nopdb.exe
K:\WINDOWS\system32\ZoneLabs\vsmon.exe
K:\WINDOWS\system32\MsPMSPSv.exe
K:\WINDOWS\system32\wwSecure.exe
I:\Ad-aware 6\Ad-watch.exe
K:\Documents and Settings\Gordon\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - I:\Spybot\SDHelper.dll
O4 - HKLM\..\Run: [Zone Labs Client] I:\Firewall\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AVG_CC] I:\AVGANT~1\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] K:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServicesOnce: [washindex] I:\washer\washidx.exe "Gordon"
O4 - HKCU\..\Run: [ctfmon.exe] K:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Window Washer] I:\washer\wwDisp.exe
O4 - HKCU\..\RunServicesOnce: [washindex] I:\washer\washidx.exe
O4 - Startup: Bandwidth Meter.lnk = K:\Program Files\BandwidthMeter\BandwidthMeter.exe
O4 - Global Startup: BT Broadband Help.lnk = K:\Program Files\BT Broadband\Help\bin\matcli.exe
O8 - Extra context menu item: &Check Spelling - res://K:\Program Files\ieSpell\ieSpell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: &ieSpell Options - res://K:\Program Files\ieSpell\ieSpell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Download with GetRight - I:\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://P:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - I:\GetRight\GRbrowse.htm
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - K:\Program Files\ieSpell\ieSpell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - K:\Program Files\ieSpell\ieSpell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - K:\Program Files\ieSpell\ieSpell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - K:\Program Files\ieSpell\ieSpell.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - P:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - K:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - K:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .avi: K:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{920B65E3-AF58-4D8B-8CDB-569AB6F88C8F}: NameServer = 192.168.1.1
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - I:\AVGANT~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - I:\AVGANT~1\avgupsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - U:\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: SmartLinkService (SLService) - Unknown owner - slserv.exe (file missing)
O23 - Service: Speed Disk service - Symantec Corporation - U:\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - K:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - K:\WINDOWS\system32\wwSecure.exe

#2 Guest_Cretemonster_*


Posted 22 June 2005 - 04:51 AM

Hey jengor and Welcome!

The log looks OK from here, what problems are you having?

#3 jengor


Posted 22 June 2005 - 08:54 AM

Thank you for your interest, where did you get that name? :thumbsup: (in the nicest possible way)

I had identified slserv.exe as Malware with 2 entries detected by HJT.

I tried to delete both. I succeeded with the file itself but this service came back each time and I could not get rid of it even using Safe mode.

O23 - Service: SmartLinkService (SLService) - Unknown owner - slserv.exe (file missing)

Subsequent to the posting, I tried Task Manager to see if the service was running - but no. I have just completed a full registry search and have removed 10 instances where slserve existed.

A new HJT log shows that I have at last succeeded in a complete removal.

Again many thanks.

Jengor :flowers:
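
Added example, not written by any poster in this thread: the O23 line quoted in the post above is a service registration whose image file is gone, and this sketch pulls such entries out of a HijackThis log for manual review. The function names and the review criteria are assumptions chosen for illustration; the sample lines are copied from the log in post #1.

```python
import re

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Zone Labs Client] I:\Firewall\ZoneAlarm\zlclient.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - I:\AVGANT~1\avgupsvc.exe
O23 - Service: SmartLinkService (SLService) - Unknown owner - slserv.exe (file missing)
O23 - Service: Speed Disk service - Symantec Corporation - U:\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - K:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# O23 layout as it appears in the log: display name, optional (short name), owner, image path.
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))? - "
    r"(?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)

def parse_o23(log_text):
    """Return one dict per O23 (service) line; other HijackThis sections are skipped."""
    services = []
    for line in log_text.splitlines():
        m = O23_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["missing"] = entry["missing"] is not None
            services.append(entry)
    return services

def triage(services):
    """Return (service, path, reasons) for entries that deserve a manual look."""
    findings = []
    for s in services:
        reasons = []
        if s["missing"]:
            reasons.append("registered service, image file missing")
        if s["owner"].lower() == "unknown owner":
            reasons.append("no owner reported for the image")
        if "\\" not in s["path"]:
            reasons.append("image path shown without a directory")
        if reasons:
            findings.append((s["short"] or s["display"], s["path"], reasons))
    return findings

if __name__ == "__main__":
    for name, path, reasons in triage(parse_o23(SAMPLE_LOG)):
        print(f"{name}: {path} -> {'; '.join(reasons)}")
```
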

#4 Guest_Cretemonster_*


Posted 22 June 2005 - 06:27 PM

So you like the name HUH??

Crete comes from my profession which is Concrete!!

Cretemonster comes from the name of a piece of Heavy Equipment I used to run years ago!!!

Tell ya what you can do for the PC!!

Uninstall Ad Aware 6 completely and any plugins you may have used!

Do this via Add\Remove Programs, once all is Removed from there, restart the PC and get Ad Aware 1.06 from here
http://www.bleepingcomputer.com/forums/ind...showtutorial=48

Scan the PC with that and see what it comes up with!

2 Programs which can make using Internet Explorer much safer are

SpywareBlaster:
http://www.javacoolsoftware.com/spywareblaster.html
Update Immediately!

IE Spyad:
http://www.bleepingcomputer.com/forums/ind...showtutorial=53
There is a direct download inside and great tutorial also!

A few excellent places to run Online Scans are

http://www.kaspersky.com/beta?product=161744315

http://www.pandasoftware.com/products/acti...n_principal.htm

http://support.f-secure.com/enu/home/ols.shtml

http://www.bitdefender.com/scan/licence.php

http://www.ravantivirus.com/scan/

Hope all this Helps!!

#5 jengor


Posted 23 June 2005 - 08:54 AM

Many thanks,

all installed plus Spyware Guard, I use TrendMicro as an online AV scan as it is compatible with Firefox, my preferred browser.

Best wishes

Jengor :thumbsup:



