
HijackThis: LogFile Help



#1 Leah


Posted 13 January 2005 - 09:56 AM

Logfile of HijackThis v1.99.0
Scan saved at 9:42:38 AM, on 1/13/2005
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Dynu Systems\Premium\premisvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\System32\llssrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\MSSQL7\binn\sqlservr.exe
C:\Program Files\NavNT\rtvscan.exe
f:\Oracle\Ora81\BIN\TNSLSNR.exe
f:\oracle\ora81\bin\ORACLE.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\locator.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\system32\stisvc.exe
C:\PROGRA~1\MI4F93~1\webtool.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\wins.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\System32\certsrv.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\System32\dns.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\MsgSys.EXE
C:\WINNT\system32\cmd.exe
C:\WINNT\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe
C:\WINNT\System32\devldr32.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\devldr32.exe
C:\WINNT\inet10050\services.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe
C:\WINNT\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Common files\updmgr\updmgr.exe
C:\Program Files\Common Files\CMEII\CMESys.exe
C:\WINNT\System32\RUNDLL32.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\winnt\180solutions\saap.exe
C:\WINNT\System32\internat.exe
C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\ABBYY Lingvo\LvAgent.exe
C:\Program Files\Common Files\GMT\GMT.exe
C:\MSSQL7\Binn\sqlmangr.exe
C:\Program Files\ABBYY\Lingvo 8.0\LvAgent.exe
C:\Program Files\Dynu Systems\Premium\DynuPre.exe
C:\Program Files\WebSiteViewer\125013.dlr
C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
C:\WINNT\System32\jtevla.exe
C:\WINNT\r.exe
C:\WINNT\ef.exe
C:\Program Files\Outlook Express\msimn.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HijackThis.exe
C:\WINNT\System32\dllcache\IExplore.exe
C:\WINNT\System32\dllcache\IExplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by ABBYY Software House
R3 - URLSearchHook: PerfectNavBHO Class - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
F3 - REG:win.ini: run=C:\WINNT\inet10050\services.exe
O2 - BHO: NavErrRedir Class - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINNT\questmod.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [HP Lamp] "C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe"
O4 - HKLM\..\Run: [P2P Networking] C:\WINNT\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [xp_system] C:\WINNT\inet10050\services.exe
O4 - HKLM\..\Run: [saap] c:\winnt\180solutions\saap.exe
O4 - HKLM\..\Run: [olix] C:\WINNT\olix.exe
O4 - HKLM\..\Run: [zbktaize] C:\WINNT\System32\jtevla.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [xp_system] C:\WINNT\inet10050\services.exe
O4 - Startup: Premium Client.lnk = C:\Program Files\Dynu Systems\Premium\DynuPre.exe
O4 - Global Startup: ABBYY Lingvo 7.0 Launcher.lnk = C:\Program Files\ABBYY Lingvo\LvAgent.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: Service Manager.lnk = C:\MSSQL7\Binn\sqlmangr.exe
O4 - Global Startup: Shortcut to LvAgent.exe.lnk = C:\Program Files\ABBYY\Lingvo 8.0\LvAgent.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://develop.feedafamily.com
O16 - DPF: {1D2DCA0D-B30F-40AD-9690-087105F214EC} (IEDial Class) - http://usa-download.nocreditcard.com/downl...t/ieaccess2.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {5A66E13A-311D-488B-828D-DDDF52EFB636} (strprint.trprints) - https://partnering.one.microsoft.com/MCP/to...scriptPrint.CAB
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Ati HotKey Poller - Unknown - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Dynu Basic Dynamic DNS Service v2.6 - Unknown - C:\Program Files\Dynu Systems\Basic\basicsvc.exe (file missing)
O23 - Service: Dynu Premium Dynamic DNS Service v3.9 - Unknown - C:\Program Files\Dynu Systems\Premium\premisvc.exe
O23 - Service: Norton AntiVirus Client - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: OracleOraHome81Agent - oracle - f:\Oracle\Ora81\bin\dbsnmp.exe
O23 - Service: OracleOraHome81ClientCache - Unknown - f:\Oracle\Ora81\BIN\ONRSD.EXE
O23 - Service: OracleOraHome81CMAdmin - Unknown - f:\Oracle\Ora81\BIN\CMADMIN.EXE
O23 - Service: OracleOraHome81CMan - Unknown - f:\Oracle\Ora81\BIN\CMGW.EXE
O23 - Service: OracleOraHome81DataGatherer - Unknown - f:\Oracle\Ora81\bin\vppdc.exe (file missing)
O23 - Service: OracleOraHome81TNSListener - Unknown - f:\Oracle\Ora81\BIN\TNSLSNR.exe
O23 - Service: OracleServiceFAMILY - Oracle Corporation - f:\oracle\ora81\bin\ORACLE.EXE
O23 - Service: OracleServiceFEED - Oracle Corporation - f:\oracle\ora81\bin\ORACLE.EXE
O23 - Service: OracleServicePROJ - Oracle Corporation - f:\oracle\ora81\bin\ORACLE.EXE
O23 - Service: OracleServicePROJ1 - Oracle Corporation - f:\oracle\ora81\bin\ORACLE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
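A small triage script for the log format above, added here as an example (it is not part of the thread and not a HijackThis feature): it parses the `R`/`F`/`O` line prefixes and flags what a responder would look at first, such as a Run entry whose binary is named like a core system process but lives outside system32 (the `services.exe` under `C:\WINNT\inet10050` in this log), an unnamed BHO, a Trusted Zone entry, and a `win.ini run=` autostart. The `CORE_BINARIES` list and the flagging rules are assumptions for illustration; the sample lines are copied from the posted log.

```python
import re

# Constructed sample: entries copied from the log posted above, plus benign ones for contrast.
SAMPLE_LOG = r"""
F3 - REG:win.ini: run=C:\WINNT\inet10050\services.exe
O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINNT\questmod.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [xp_system] C:\WINNT\inet10050\services.exe
O4 - HKCU\..\Run: [xp_system] C:\WINNT\inet10050\services.exe
O15 - Trusted Zone: http://develop.feedafamily.com
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
"""

LINE_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$")
# Assumption: these names belong to core NT processes that only run from %SystemRoot%\system32.
CORE_BINARIES = {"services.exe", "svchost.exe", "lsass.exe", "winlogon.exe", "csrss.exe"}


def exe_from_command(cmd):
    """Return the lower-cased path of the executable in a Run command, arguments dropped."""
    cmd = cmd.strip().lstrip('"')
    m = re.search(r"^(.*?\.exe)", cmd, re.IGNORECASE)  # cut at the first .exe token
    return (m.group(1) if m else cmd).lower()


def masquerading_system_path(path):
    """True when a core-binary name is launched from anywhere but system32."""
    name = path.rsplit("\\", 1)[-1]
    return name in CORE_BINARIES and "\\system32\\" not in path


def triage(log_text):
    """Parse HijackThis-style lines and return (section, reason, line) tuples worth a look."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        if sec == "O4" and (run := RUN_RE.match(body)):
            if masquerading_system_path(exe_from_command(run.group("cmd"))):
                findings.append((sec, "core system binary name outside system32", raw))
        elif sec == "O2" and (bho := BHO_RE.match(body)):
            if bho.group("name") == "(no name)":
                findings.append((sec, "unnamed BHO", raw))
        elif sec == "O15":
            findings.append((sec, "Trusted Zone entry", raw))
        elif sec == "F3" and "run=" in body:
            findings.append((sec, "legacy win.ini run= autostart", raw))
    return findings
```

Run `triage(SAMPLE_LOG)` to get the flagged lines; a hit on a core-binary name outside system32 should be checked against the real process in the "Running processes" list (here `C:\WINNT\system32\services.exe`).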

#2 groovicus


Posted 14 January 2005 - 04:47 PM

First thing you should do is get rid of Kazaa...that's where you got all of this in the first place. :flowers:


Please download SpyBot and Adaware.

Get the latest versions here: install, and then verify that they are fully updated.

If you need help working with these tools, here are some helpful tutorials.
**********************************************************************


Boot into SAFE MODE by tapping the f8 key during boot up.


Run Spybot.

Run Adaware with the following options selected:

  • Configure Ad-aware
    • Click on the Gear-shaped icon at the top to open the Settings window.
    • All of the following settings I mention should be enabled (green checkmark). Some settings cannot be enabled in certain versions of Windows. If a setting I mention is grey and can't be enabled, skip it.
    • General Settings - Automatically save log-file, Automatically quarantine objects prior to removal, and Safe Mode (always request confirmation)
    • Scanning Settings
      • Scan Within Archives
      • Click on 'Click here to select drives + folders' and check next to each hard drive then hit ok.
      • Scan Active Processes
      • Scan Registry
      • Deep Scan Registry
      • Scan my IE favorites for banned URLs
      • Scan my Hosts file
    • Advanced Settings - Enable all four options under 'Log-file Detail level'
    • Tweak Settings
      • Under 'Scanning Engine' - Enable 'Unload recognized processes during scanning', 'Include basic Ad-aware settings in logfile', and 'Include additional Ad-aware settings in logfile'
      • Under 'Cleaning Engine' - Enable 'Let Windows remove files in use at next reboot'
    • Click Proceed
  • Click on the 'Start' button in the lower right.

  • Select 'Use custom scanning options', enable 'Activate in-depth scanning', and click Next. The scan will take several minutes to complete. When the scan is complete click Next.

  • Right click on the list of items and click 'Select all items' then click Next. Press Yes to confirm. The detected items are now quarantined.

  • Close Ad-aware

==========================

Then reboot and post a new log. :thumbsup:



