
Hijack This



#1 pnkflyd1fn


Posted 30 November 2005 - 07:00 AM

Logfile of HijackThis v1.99.1
Scan saved at 3:47:27 AM, on 11/30/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\System32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\alg.exe
C:\Program Files\Gateway USB-G Wireless Monitor\WLService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Gateway USB-G Wireless Monitor\WLanG.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\wdfmgr.exe
C:\WINNT\wanmpsvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\System32\wuauclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\regsvr32.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1127460974203
O17 - HKLM\System\CCS\Services\Tcpip\..\{159C55ED-6578-4466-86D2-2D62B65908BA}: NameServer = 85.255.114.37,85.255.112.126
O17 - HKLM\System\CCS\Services\Tcpip\..\{B29CC1D5-5A62-4A11-B584-F4200FFB9AF9}: NameServer = 85.255.114.37,85.255.112.126
O17 - HKLM\System\CCS\Services\Tcpip\..\{D1608CE2-F5A1-4E78-94FF-A5EFAF801713}: NameServer = 85.255.114.37,85.255.112.126
O17 - HKLM\System\CCS\Services\Tcpip\..\{E076AB0C-2DF4-46FA-8301-2DBEB66BCF40}: NameServer = 85.255.114.37,85.255.112.126
O17 - HKLM\System\CS3\Services\Tcpip\..\{159C55ED-6578-4466-86D2-2D62B65908BA}: NameServer = 85.255.114.37,85.255.112.126
O20 - Winlogon Notify: st3 - C:\WINNT\system32\st3.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Gateway Wireless USB-G 2.0 Service (Gateway Wireless USB-G 2.0) - Unknown owner - C:\Program Files\Gateway USB-G Wireless Monitor\WLService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe



#2 -David-


Posted 30 November 2005 - 03:55 PM

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://forums.subratam.org/index.php?act=A...e=post&id=43811
http://swandog46.geekstogo.com/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

When your system reboots, follow the prompts. Afterwards, HijackThis will launch. Please click Scan, and check the following items:

O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{159C55ED-6578-4466-86D2-2D62B65908BA}: NameServer = 85.255.114.37,85.255.112.126
O17 - HKLM\System\CCS\Services\Tcpip\..\{B29CC1D5-5A62-4A11-B584-F4200FFB9AF9}: NameServer = 85.255.114.37,85.255.112.126
O17 - HKLM\System\CCS\Services\Tcpip\..\{D1608CE2-F5A1-4E78-94FF-A5EFAF801713}: NameServer = 85.255.114.37,85.255.112.126
O17 - HKLM\System\CCS\Services\Tcpip\..\{E076AB0C-2DF4-46FA-8301-2DBEB66BCF40}: NameServer = 85.255.114.37,85.255.112.126
O17 - HKLM\System\CS3\Services\Tcpip\..\{159C55ED-6578-4466-86D2-2D62B65908BA}: NameServer = 85.255.114.37,85.255.112.126
O20 - Winlogon Notify: st3 - C:\WINNT\system32\st3.dll


Click Fix Checked. Close HijackThis, and click OK to proceed.

At the end of the fix, you may need to restart your computer again.

Download killbox from here:

KillBox

Unzip the folder to your desktop.

1. Start Killbox.exe
2. Select the Delete on Reboot option.
3. Copy the complete text in bold below to the clipboard by highlighting the filepaths and pressing Control + C:

C:\WINNT\system32\st3.dll

4. Go to the File menu of Killbox, and choose Paste from Clipboard.
5. Click the Delete File button that is a red-and-white X. When asked if you want to delete these files say Yes. When asked if you want to reboot now, say No.
6. Exit Killbox.
Finally, please post the contents of the logfile C:\fixwareout\report.txt, along with a new HijackThis log.
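
The review step in post #2 (picking the O17 NameServer and O20 Winlogon Notify lines out of a HijackThis log) can be done mechanically; the following is an added example, not part of the original posts and not code from HijackThis or FixWareout. The function names are hypothetical, and the sample lines are a shortened selection copied from the log in post #1.

```python
import re
from collections import defaultdict

# Shortened selection of lines copied from the HijackThis log in post #1.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{159C55ED-6578-4466-86D2-2D62B65908BA}: NameServer = 85.255.114.37,85.255.112.126
O17 - HKLM\System\CCS\Services\Tcpip\..\{B29CC1D5-5A62-4A11-B584-F4200FFB9AF9}: NameServer = 85.255.114.37,85.255.112.126
O17 - HKLM\System\CS3\Services\Tcpip\..\{159C55ED-6578-4466-86D2-2D62B65908BA}: NameServer = 85.255.114.37,85.255.112.126
O20 - Winlogon Notify: st3 - C:\WINNT\system32\st3.dll
"""

ENTRY = re.compile(r"^(?P<code>[ORFN]\d+) - (?P<body>.+)$")
O17 = re.compile(r"^(?P<key>.+?)\\\{(?P<guid>[0-9A-Fa-f-]{36})\}: NameServer = (?P<servers>.+)$")
O20 = re.compile(r"^Winlogon Notify: (?P<name>.+?) - (?P<dll>.+)$")

def parse_entries(log):
    """Yield (section code, body) per entry line; headers and process paths are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m["code"], m["body"]

def nameserver_overrides(log):
    """Map each NameServer list (tuple of IPs) to the set of interface GUIDs it is set on."""
    by_servers = defaultdict(set)
    for code, body in parse_entries(log):
        m = O17.match(body) if code == "O17" else None
        if m:
            servers = tuple(s for s in re.split(r"[,\s]+", m["servers"]) if s)
            by_servers[servers].add(m["guid"].upper())
    return dict(by_servers)

def winlogon_notify(log):
    """Return (subkey name, DLL path) for each O20 Winlogon Notify entry."""
    return [(m["name"], m["dll"]) for code, body in parse_entries(log)
            if code == "O20" and (m := O20.match(body))]

if __name__ == "__main__":
    for servers, guids in nameserver_overrides(SAMPLE_LOG).items():
        print(f"NameServer {', '.join(servers)} set on {len(guids)} interface(s)")
    for name, dll in winlogon_notify(SAMPLE_LOG):
        print(f"Winlogon Notify '{name}' loads {dll}")
```

Grouping by server list makes it obvious when one identical pair has been written to every interface; the CS3 line repeats a GUID already seen under CCS, so three O17 lines here resolve to two interfaces.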

#3 usasma


Posted 30 November 2005 - 08:36 PM

Posted in the XP Forum by pnkflyd1fn ( http://www.bleepingcomputer.com/forums/ind...24&#entry198624 )

Today, 11:58 AM
Last night I was on my computer and everything was working fine except for the internet, but I paid no attention to it, seeing that it's wireless and it gives me trouble now and again. Anyways, I was editing some files when a pop-up appeared from the lower right corner in the shape of a shield saying something like you're in danger of something firewall. I don't really remember, so I submitted a hijack this log here and tried to shut down the computer. All the programs shut off, the toolbar, my documents, everything, except it wouldn't shut down; you could still see the wallpaper. It's done this before, so I waited a while and still no response, so I just unplugged the cord. I know you're not supposed to do that but I did. Later I went back on the computer and everything started normally except when I tried to open anything on the desktop it wouldn't. Everything was frozen, EVERYTHING, the mouse worked fine but EVERYTHING IS FROZEN. HELP I HAVE NO IDEA HOW TO FIX THIS PLEASE, THIS COMPUTER IS MY BABY


I advised him to try Safe Mode.

Edited by usasma, 30 November 2005 - 08:39 PM.


#4 pnkflyd1fn


Posted 01 December 2005 - 04:04 AM

I logged on in safe mode but my account still wouldn't budge so I logged off and went on administrator account. That one seemed to work fine. I downloaded Fixwareout and did what you asked. It asked me to reboot so I did. A pop-up appeared saying to scan with hijack this. I pressed OK and when it was finished a report appeared and I tried to copy it but everything was frozen. I also tried killbox but when I pressed delete file nothing happened. :thumbsup:

#5 -David-


Posted 01 December 2005 - 04:46 AM

Ok, can you try and post a new HJT log
Thanks
David

#6 pnkflyd1fn


Posted 01 December 2005 - 08:31 PM

Does it matter if I scan on the administrator account instead of mine?

Edited by pnkflyd1fn, 02 December 2005 - 06:35 AM.


#7 -David-


Posted 02 December 2005 - 11:55 AM

From your account should be good! :thumbsup:

david



