
Dawei's log



#1 Dawei


Posted 05 October 2005 - 04:19 AM

Hi, I'm pretty much your average "computer help for dummies" guy and I've got a HijackThis log, as well as that annoying about:blank homepage. It even sometimes totally redirects me to this page from the page I'm currently viewing (e.g. myspace.com). Here's my HijackThis log.... What's wrong with my computer??? :thumbsup:

Logfile of HijackThis v1.99.1
Scan saved at 7:09:53 PM, on 5/10/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\David\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\David\LOCALS~1\Temp\se.dll/space.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\David\LOCALS~1\Temp\se.dll/space.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {215E455B-0CB8-414D-8D6D-A7C7C3233161} - C:\WINDOWS\System32\kcae.dll
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\David\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O18 - Filter: text/html - {E6D5E27E-3D11-44DF-9A51-F3B0F3D9F728} - C:\WINDOWS\System32\kcae.dll
O18 - Filter: text/plain - {E6D5E27E-3D11-44DF-9A51-F3B0F3D9F728} - C:\WINDOWS\System32\kcae.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

Btw, I tried doing a suggested step that involved copying down a DLL filename through regedit... it was located in something like windows NT/ but I didn't find the filename?
Thoroughly confused and frustrated,
David



#2 Guest_Cretemonster_*


Posted 05 October 2005 - 04:48 AM

Hi Dawei and Welcome to the Bleeping Computer!

I asked to have your post moved into its own thread so we don't confuse anyone!


Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.


Download and Install
CleanUp!
Don't use it yet!


Please Download SpSeHjfix112:
http://www.derbilk.de/SpSeHjfix112.zip
or
http://www.trojaner-info.de/cgi-bin/downlo...gi?file=sphjfix
Once downloaded, unzip it and make sure to Extract All Files!


Run SpSeHjfix112

Click on "Start Disinfection"

When it's finished it will reboot your machine to finish the cleaning process!

Reboot into SAFE MODE (tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

The tool creates a log of the fix which will appear in the new folder!

Please save that log, I may ask to see it!


Once in Safe Mode Open and Run the CleanUp! Program!

Click the CleanUp tab to begin-> Let it remove all the temporary files it finds-> Once complete, click the "Close" tab and click "NO" to Log Off!


Now make sure all other Windows and Browsers are Closed and open Ewido-> Scan the entire System-> Clean all it finds and be sure to click the tab to Save a Report!


After Ewido has finished-> Run SpSeHjfix112 again!

Click on "Start Disinfection"

When it's finished it will reboot your machine to finish the cleaning process!

Restart back in Normal Mode!

Please be sure to Save both logs from SpSeHjfix112!


Have the PC Scanned here:
Panda Active Scan

You will need to be using Internet Explorer for the Scan to work!

Save the Report it generates


Post back with a fresh HijackThis log and the reports from SpSeHjfix112-> Ewido and Panda!



