Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijack This Log/404ads problem/backdoor issue


  • Please log in to reply
1 reply to this topic

#1 sknott

sknott

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:03:48 PM

Posted 22 December 2004 - 11:55 PM

Hi, I have a few problems with my PC right now.
The first is that seem to have the 404ad.net redirect. Many websites I try to access gets the redirect.
Here is the HiJack this log:

Logfile of HijackThis v1.99.0
Scan saved at 11:47:16 PM, on 12/22/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\WINDOWS\System32\ltmsg.exe
C:\Program Files\Compaq\EAB\EabServr.exe
C:\Program Files\Compaq\Hotkey Software\hkss.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\uvrnhkm.exe
C:\Program Files\D-Link Air\Air.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Semagic\LiveJournalU.exe
C:\Program Files\Kazaa Lite K++\KazaaLite.kpp
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AEB076DC-B566-F96F-14A0-BB024AD67712} - C:\WINDOWS\Jjficlav.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Search - {8578214E-26F8-C66C-D69C-F823F8DC4A9F} - C:\WINDOWS\Jjficlav.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
O4 - HKLM\..\Run: [hkss] C:\Program Files\Compaq\Hotkey Software\hkss.exe
O4 - HKLM\..\Run: [Cpqset] c:\compaq\cpqsetup\cpqset.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [JavaUpdate0.07] C:\WINDOWS\System32\uvrnhkm.exe
O4 - Global Startup: D-Link Air.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISEXEng - Unknown - C:\WINDOWS\System32\angelex.exe



So there it is.
Also, the other problem I have is that I cannot seem to install the new Windows Service Pack. Everytime I try it says that it was unable to install but doesn't give a reason.

Another problem I have having is that in my C drive I have something called 'bla' which I think I have read is a backdoor thing. Anyone know how to get rid of it? And there is also something called "Counter" but I don't know what it is or if it is harmful or not.

Hopefully someone can help.
Thanks in advance!

BC AdBot (Login to Remove)

 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,590 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:48 PM

Posted 23 December 2004 - 04:50 PM

Do you have a file called c:\windows\system32\ms0b920b.dll?


Print out these instructions and then close all windows including Internet Explorer.

Then I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Reboot your computer into Safe Mode

Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then click the Fix button:

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {AEB076DC-B566-F96F-14A0-BB024AD67712} - C:\WINDOWS\Jjficlav.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: Search - {8578214E-26F8-C66C-D69C-F823F8DC4A9F} - C:\WINDOWS\Jjficlav.dll
O4 - HKCU\..\Run: [JavaUpdate0.07] C:\WINDOWS\System32\uvrnhkm.exe
O23 - Service: ISEXEng - Unknown - C:\WINDOWS\System32\angelex.exe

Then delete these files or directories (Do not be concerned if they do not exist)

C:\WINDOWS\Jjficlav.dll
C:\WINDOWS\System32\nvms.dll
C:\WINDOWS\System32\mscb.dll
C:\WINDOWS\System32\msbe.dll
C:\WINDOWS\Jjficlav.dll
C:\WINDOWS\System32\uvrnhkm.exe
C:\WINDOWS\System32\angelex.exe


Then click on Start, then run, and type sc delete ISEXEng and press the OK button.

Reboot your computer to go back to normal mode and post a new log.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users