07-06-2005, 03:32 AM   #1
Thanatos
Registered User
 
Join Date: Oct 2004
Posts: 5
OS: WinXP


Hijack this log help

Hi, having major PC problem.
I've run AVG and adaware and spybot search and destroy. They all find and delete something and the next time I run them, they find and delete it again. It's driving me nuts.

Problems
IE homepage has changed
Thing next to the clock (can't remember what it's called) shows a red icon which says your computer is infected and links to a psscan website.
Whenever I open IE I get an AVG virus warning.

Virus
The virus is called a Trojan Horse Startpage.19.J
Also have a Backdoor Generic DJI and a
BackDoor Generic.DFX

AdAware
Adaware finds a Coolwebsearch with a TAC value of 10 which it removes (but comes back)



What I've Done
Run full virus scan (with all updates)
Run adaware (with all updates)
Run Spybot S&D (with all updates)
Run Hijack This and the analyser.

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 6/3/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 9:17:16 p.m., on 6/07/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\intel32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\gaming\LOCALS~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\gaming\LOCALS~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O1 - Hosts: 82.146.33.177 lloydstsb.co.uk
O1 - Hosts: 82.146.33.177 online.lloydstsb.co.uk
O1 - Hosts: 82.146.33.177 www.lloydstsb.co.uk
O1 - Hosts: 82.146.33.177 www.lloydstsb.com
O1 - Hosts: 82.146.33.177 personal.barclays.co.uk
O1 - Hosts: 82.146.33.177 barclays.co.uk
O1 - Hosts: 82.146.33.177 ibank.barclays.co.uk
O1 - Hosts: 82.146.33.177 www.barclays.co.uk
O1 - Hosts: 82.146.33.177 www.nwolb.com
O1 - Hosts: 82.146.33.177 nwolb.com
O1 - Hosts: 82.146.33.177 hsbc.co.uk
O1 - Hosts: 82.146.33.177 www.hsbc.co.uk
O1 - Hosts: 82.146.33.177 abbey.com
O1 - Hosts: 82.146.33.177 www.abbey.com
O1 - Hosts: 82.146.33.177 www.abbey.co.uk
O1 - Hosts: 82.146.33.177 abbey.co.uk
O1 - Hosts: 82.146.33.177 cahoot.com
O1 - Hosts: 82.146.33.177 www.cahoot.com
O1 - Hosts: 82.146.33.177 www.cahoot.co.uk
O1 - Hosts: 82.146.33.177 cahoot.co.uk
O1 - Hosts: 82.146.33.177 www.co-operativebank.co.uk
O1 - Hosts: 82.146.33.177 co-operativebank.co.uk
O1 - Hosts: 82.146.33.177 www.co-operativebank.com
O1 - Hosts: 82.146.33.177 co-operativebank.com
O1 - Hosts: 82.146.33.177 welcome2.co-operativebankonline.co.uk
O1 - Hosts: 82.146.33.177 welcome6.co-operativebankonline.co.uk
O1 - Hosts: 82.146.33.177 welcome8.co-operativebankonline.co.uk
O1 - Hosts: 82.146.33.177 welcome10.co-operativebankonline.co.uk
O1 - Hosts: 82.146.33.177 www.smile.co.uk
O1 - Hosts: 82.146.33.177 smile.co.uk
O1 - Hosts: 82.146.33.177 www.cajamar.es
O1 - Hosts: 82.146.33.177 cajamar.es
O1 - Hosts: 82.146.33.177 www.cajamar.com
O1 - Hosts: 82.146.33.177 www.unicaja.es
O1 - Hosts: 82.146.33.177 unicaja.es
O1 - Hosts: 82.146.33.177 www.unicaja.com
O1 - Hosts: 82.146.33.177 unicaja.com
O1 - Hosts: 82.146.33.177 www.caixagalicia.es
O1 - Hosts: 82.146.33.177 caixagalicia.es
O1 - Hosts: 82.146.33.177 www.caixagalicia.com
O1 - Hosts: 82.146.33.177 caixagalicia.com
O1 - Hosts: 82.146.33.177 activa.caixagalicia.es
O1 - Hosts: 82.146.33.177 www.caixapenedes.es
O1 - Hosts: 82.146.33.177 caixapenedes.es
O1 - Hosts: 82.146.33.177 www.caixapenedes.com
O1 - Hosts: 82.146.33.177 caixapenedes.com
O1 - Hosts: 82.146.33.177 bancae.caixapenedes.com
O1 - Hosts: 82.146.33.177 www.caixasabadell.es
O1 - Hosts: 82.146.33.177 caixasabadell.es
O1 - Hosts: 82.146.33.177 www.caixasabadell.net
O1 - Hosts: 82.146.33.177 caixasabadell.net
O1 - Hosts: 82.146.33.177 www.cajamadrid.es
O1 - Hosts: 82.146.33.177 cajamadrid.es
O1 - Hosts: 82.146.33.177 www.cajamadrid.com
O1 - Hosts: 82.146.33.177 cajamadrid.com
O1 - Hosts: 82.146.33.177 oi.cajamadrid.es
O1 - Hosts: 82.146.33.177 www.ccm.es
O1 - Hosts: 82.146.33.177 ccm.es
O1 - Hosts: 17.145.117.11 d-ru-1f.kaspersky-labs.com
O1 - Hosts: 17.145.117.11 d-ru-1h.kaspersky-labs.com
O1 - Hosts: 17.145.117.11 d-ru-2f.kaspersky-labs.com
O1 - Hosts: 17.145.117.11 d-ru-2h.kaspersky-labs.com
O1 - Hosts: 17.145.117.11 d-eu-2f.kaspersky-labs.com
O1 - Hosts: 17.145.117.11 d-eu-2h.kaspersky-labs.com
O1 - Hosts: 17.145.117.11 d-eu-1f.kaspersky-labs.com
O1 - Hosts: 17.145.117.11 d-eu-1h.kaspersky-labs.com
O1 - Hosts: 17.145.117.11 d-us-1f.kaspersky-labs.com
O1 - Hosts: 17.145.117.11 d-us-1h.kaspersky-labs.com
O1 - Hosts: 17.145.117.11 downloads1.kaspersky.ru
O1 - Hosts: 17.145.117.11 downloads2.kaspersky.ru
O1 - Hosts: 17.145.117.11 downloads3.kaspersky.ru
O1 - Hosts: 17.145.117.11 downloads4.kaspersky.ru
O1 - Hosts: 17.145.117.11 downloads5.kaspersky.ru
O1 - Hosts: 17.145.117.11 www.kaspersky.ru
O1 - Hosts: 17.145.117.11 kaspersky.ru
O1 - Hosts: 17.145.117.11 kaspersky-labs.com
O1 - Hosts: 17.145.117.11 www.kaspersky-labs.com
O2 - BHO: (no name) - {F4A7AAC1-A2EB-49B7-8043-7421F4F25C8A} - C:\WINDOWS\System32\imal.dll
O4 - HKLM\..\Run: [Ins3DT] F:\INSTALL4\INS3DT.EXE
O4 - HKLM\..\Run: [intel32.exe] C:\WINDOWS\System32\intel32.exe
O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O18 - Filter: text/html - {98FB572A-D936-4FD8-AF60-C693779D20DC} - C:\WINDOWS\System32\imal.dll
O18 - Filter: text/plain - {98FB572A-D936-4FD8-AF60-C693779D20DC} - C:\WINDOWS\System32\imal.dll


End of KRC HijackThis Analyzer Log.
====================================================================

I don't want any toolbars or messenger.
The only things I need are INCD and my virus checker, Adaware and Spybot.

Thanks for the Assist

Thanatos

P.S I did not close my internet connection when I ran Hijack this. I did close all open programs though. Let me know if this is a problem.