Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HJT Help


  • This topic is locked This topic is locked
2 replies to this topic

#1 jdimaria

jdimaria

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:04:19 AM

Posted 24 June 2005 - 01:55 PM

Hello,

I wanted to see if I could get some help with this HJT log. I wiped out my hard drive and reformatted my machine to remove the sysupd.exe virus. I successfully removed that virus - however I caught spyware viruses while simply trying to secure my machine (installing windows updates from Microsoft). I am trying to prevent wiping out my machine again...My home page redirects to a spyware help site, I get random popups and frequent fatal error messages from windows messenger. Updating windows was my first step (besides turning on XP's personal firewall) - I wanted to get rid of this virus before I installed Norton.

Any help would be greatly appreciated!!

Thanks!!

Jeff

Logfile of HijackThis v1.99.1
Scan saved at 1:26:49 PM, on 6/24/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\TASKMGRU.EXE
C:\WINDOWS\System32\MSIMN32.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\wincfgkop9.exe
C:\WINDOWS\System32\lsalogin32.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\System32\hphmon03.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\HPHipm09.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\MSIMN32.EXE
C:\WINDOWS\System32\TASKMGRU.EXE
C:\WINDOWS\system32\cmd.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\JEFFDI~1\LOCALS~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\JEFFDI~1\LOCALS~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: BHDP Class - {1A1488CB-8028-49ba-AD19-18D13CDC650F} - C:\WINDOWS\bhoass.dll
O2 - BHO: (no name) - {36DEB285-E4F4-4A42-B252-6BBB7EC2982B} - C:\WINDOWS\System32\lfmc.dll
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinConfig9324] wincfgkop9.exe
O4 - HKLM\..\Run: [Service Monitor] lsalogin32.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [WinConfig32] C:\WINDOWS\\\\\\\\\\\\\\
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\JEFFDI~1\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKLM\..\RunServices: [WinConfig9324] wincfgkop9.exe
O4 - HKLM\..\RunServices: [Service Monitor] lsalogin32.exe
O4 - HKCU\..\Run: [MSIMN32] C:\WINDOWS\System32\MSIMN32.EXE
O4 - HKCU\..\Run: [TASKMGRU] C:\WINDOWS\System32\TASKMGRU.EXE
O13 - DefaultPrefix: http://ehttp.cc/?
O13 - WWW Prefix: http://ehttp.cc/?
O13 - WWW. Prefix: http://ehttp.cc/?
O18 - Filter: text/html - {C51E1DEC-924F-40CD-8EB0-FE22B3AC2E1F} - C:\WINDOWS\System32\lfmc.dll
O18 - Filter: text/plain - {C51E1DEC-924F-40CD-8EB0-FE22B3AC2E1F} - C:\WINDOWS\System32\lfmc.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe

BC AdBot (Login to Remove)

 


#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:11:19 AM

Posted 25 June 2005 - 02:17 PM

Hello..
Your system is badly infected.
I can't understand you also formatted before and reinstalled windows again without even installing a decent antivirus and firewall.


Well let's deal with the most important ones first and afterwards I'll let you install an antivirus and firewall because you definitaly need them!!

Download http://www.derbilk.de/404.html
Unzip it to your desktop.

Start SpSeHjfix and click "Start disinfection"

Let it finish the job.

Restore your websettings: Go to start > controlpanel > Internetoptions > Tab Programs.
Click: "Restore Websettings"

download next tool to your desktop:

http://users.pandora.be/bluepatchy/FixO.exe

Doubleclick FixO.exe and choose install.
This will create a new folder on your desktop called FixO
Open the folder and doubleclick FixO.bat

It will generate a log afterwards. Copy and paste the contents of that log together with a new hijackthislog and the log that SpSeHjfix produced. (it's in the same folder as SpSeHjfix)
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:11:19 AM

Posted 08 July 2005 - 04:47 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users