Discussion Starter · #1 ·
My HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 10:32:25 PM, on 8/19/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP3 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\manny ramirez\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://www.find-more.net/sp.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 169.254.0.0
O2 - BHO: (no name) - {024F97B6-DC4B-49A6-962A-B3B0665A696B} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1884fe38-ce34-42d6-a272-ba950f73dfbb} - C:\WINDOWS\system32\opwaofmc.trj
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {FD066360-E17B-45B3-9A10-DCBD5C75E993} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Microsoft AntiSpyware helper - {7A412B54-CC47-403B-B6D0-573A02372AE1} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {7A412B54-CC47-403B-B6D0-573A02372AE1} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {D731F762-8684-4159-9F06-2B592E955601} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {D731F762-8684-4159-9F06-2B592E955601} - (no file) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O20 - Winlogon Notify: nwprovau - C:\WINDOWS\SYSTEM32\nwprovau.dll
O21 - SSODL: Sysctl Desktop Handler - {23456789-0000-0020-0900-00AAFF6D2EA4} - (no file)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
 

Discussion Starter · #3 ·
Here is the newest HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:15:00 AM, on 8/20/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP3 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\manny ramirez\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 169.254.0.0
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\RunOnce: [CleanUp!] C:\Program Files\CleanUp!\Cleanup.exe /WindowsRestart
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O20 - Winlogon Notify: nwprovau - C:\WINDOWS\SYSTEM32\nwprovau.dll
O21 - SSODL: Sysctl Desktop Handler - {23456789-0000-0020-0900-00AAFF6D2EA4} - (no file)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe


And the SPS Log:

(8/20/05 10:50:36 AM) SPSeHjFix started v1.1.2
(8/20/05 10:50:36 AM) OS: Win2000 Service Pack 4 (5.0.2195)
(8/20/05 10:50:36 AM) Language: english
(8/20/05 10:50:36 AM) Win-Path: C:\WINDOWS
(8/20/05 10:50:36 AM) System-Path: C:\WINDOWS\system32
(8/20/05 10:50:36 AM) Temp-Path: C:\DOCUME~1\MANNYR~1\LOCALS~1\Temp\
(8/20/05 10:50:41 AM) Disinfection started
(8/20/05 10:50:41 AM) Bad-Dll(IEP): c:\windows\temp\se.dll
(8/20/05 10:50:41 AM) UBF: 4 - UBB: 1 - UBR: 7
(8/20/05 10:50:41 AM) UBF: 4 - UBB: 1 - UBR: 7
(8/20/05 10:50:41 AM) Bad IE-pages:
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\windows\temp\se.dll/sp.html
(8/20/05 10:50:41 AM) Stealth-String not found
(8/20/05 10:50:41 AM) No locked Files to delete. End without Reboot
(8/20/05 10:50:48 AM) Disinfection started
(8/20/05 10:50:48 AM) Bad-Dll(IEP): c:\windows\temp\se.dll
(8/20/05 10:50:48 AM) UBF: 4 - UBB: 1 - UBR: 7
(8/20/05 10:50:48 AM) UBF: 4 - UBB: 1 - UBR: 7
(8/20/05 10:50:48 AM) Bad IE-pages: (none)
(8/20/05 10:50:48 AM) Stealth-String not found
(8/20/05 10:50:48 AM) No locked Files to delete. End without Reboot


(8/20/05 10:50:53 AM) SPSeHjFix started v1.1.2
(8/20/05 10:50:53 AM) OS: Win2000 Service Pack 4 (5.0.2195)
(8/20/05 10:50:53 AM) Language: english
(8/20/05 10:50:53 AM) Win-Path: C:\WINDOWS
(8/20/05 10:50:53 AM) System-Path: C:\WINDOWS\system32
(8/20/05 10:50:53 AM) Temp-Path: C:\DOCUME~1\MANNYR~1\LOCALS~1\Temp\
(8/20/05 10:50:57 AM) Disinfection started
(8/20/05 10:50:57 AM) Bad-Dll(IEP): (not found)
(8/20/05 10:50:57 AM) Bad-Dll(IEP) in BHO: (not found)
(8/20/05 10:50:57 AM) UBF: 4 - UBB: 1 - UBR: 7
(8/20/05 10:50:57 AM) UBF: 4 - UBB: 1 - UBR: 7
(8/20/05 10:50:57 AM) Bad IE-pages: (none)
(8/20/05 10:50:57 AM) Stealth-String not found
(8/20/05 10:50:57 AM) Not infected->END


(8/20/05 10:52:30 AM) SPSeHjFix started v1.1.2
(8/20/05 10:52:30 AM) OS: Win2000 Service Pack 4 (5.0.2195)
(8/20/05 10:52:30 AM) Language: english
(8/20/05 10:52:30 AM) Win-Path: C:\WINDOWS
(8/20/05 10:52:30 AM) System-Path: C:\WINDOWS\system32
(8/20/05 10:52:30 AM) Temp-Path: C:\DOCUME~1\MANNYR~1\LOCALS~1\Temp\
(8/20/05 10:52:35 AM) Disinfection started
(8/20/05 10:52:35 AM) Bad-Dll(IEP): (not found)
(8/20/05 10:52:35 AM) Bad-Dll(IEP) in BHO: (not found)
(8/20/05 10:52:35 AM) UBF: 4 - UBB: 1 - UBR: 7
(8/20/05 10:52:35 AM) UBF: 4 - UBB: 1 - UBR: 7
(8/20/05 10:52:35 AM) Bad IE-pages: (none)
(8/20/05 10:52:35 AM) Stealth-String not found
(8/20/05 10:52:35 AM) Not infected->END
 

Discussion Starter · #5 ·
Sorry for the delay on the post. After I received new instructions with the Panda scan, I had to manually delete as much of the malware as possible because something prevented me from web surfing. I finally figured out what went on, and these are the results of the new scan:


Incident Status Location

Spyware:spyware/smitfraud No disinfected C:\WINDOWS\SYSTEM32\OLEADM32.DLL
Adware:adware/cws.yexe No disinfected C:\WINDOWS\inet20037
Dialer:dialer.bjp No disinfected HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\DOMAINS\ARCHIVIOSEX.NET
Dialer:dialer.akd No disinfected HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\DOMAINS\SGRUNT.BIZ
Adware:adware/exactsearch No disinfected Windows Registry
Adware:Adware/WinTools No disinfected C:\_RESTORE\TEMP\FS5726.0[A0386328.CPY]
Adware:Adware/WinTools No disinfected C:\_RESTORE\TEMP\FS5726.0[A0386329.CPY]
Spyware:Spyware/BargainBuddy No disinfected C:\_RESTORE\TEMP\FS5729.0[A0402533.CPY]
Adware:Adware/Apropos No disinfected C:\_RESTORE\TEMP\FS5729.0[A0402534.CPY]
Adware:Adware/Apropos No disinfected C:\_RESTORE\TEMP\FS5729.0[A0402543.CPY]
Dialer:Dialer.BB No disinfected C:\_RESTORE\TEMP\FS5789.0[A10594033.CPY]
 

Discussion Starter · #7 ·
OK, this is probably why my computer is so awful, and that's because I am so careless. Example: I accidentally deleted the log.

However, it did pick up a decent amount of spyware, which I cleaned out, and I seem to have a better overall system.

The original AIM problem still exists.
 

Discussion Starter · #9 ·
Links don't work. Whenever I click one, it says the path to Mozilla has caused a system 5 error, then I proceed to another small screen where it lets me choose the application to handle the link. I put in Mozilla or IE and neither works.
 

Discussion Starter · #13 ·
Yes, I have tried those, and I also tried a few times redirecting the handler of the links (Mozilla or IE, or back to Mozilla and IE), and nothing seems to work.
 