|
|||||||||
|
|||||||||
| |||||||||
|
|||||||||
|
|||||||||
| |||||||||
|
|
|
| |||||||||
 |
|
|
«
Previous Thread
|
Next Thread
»
|
Thread Tools | Search this Thread | Rate Thread | Display Modes |
Dev Shed Forums Sponsor:
|
|
1200+ fellow developers rate and compare features of the top IDEs, like Visual Studio, Eclipse, RAD, Delphi and others, across 13 categories. Enjoy this FREE Download of the IDE User Satisfaction Study by Evans Data Corporation. Download Now!
|
|
#1
December 27th, 2004, 05:43 AM
|
|||
|
|||
|
log o' HIjack...i have bugs!
Someone please help...I can not get rid of this CWS thing. I clean it..it comes back..
Logfile of HijackThis v1.99.0 Scan saved at 3:29:43 PM, on 12/26/2004 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe C:\Programas\Norton AntiVirus\navapsvc.exe C:\Programas\Norton AntiVirus\SAVScan.exe C:\Programas\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\javayx32.exe C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe C:\Programas\Ficheiros comuns\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Programas\Apoint2K\Apoint.exe C:\WINDOWS\AGRSMMSG.exe C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programas\Java\j2re1.4.2_03\bin\jusched.exe C:\Programas\HP\Digital Imaging\Unload\hpqcmon.exe C:\Programas\HP\HP Share-to-Web\hpgs2wnd.exe C:\Programas\HPQ\Quick Launch Buttons\EabServr.exe C:\Programas\Ficheiros comuns\Sonic\Update Manager\sgtray.exe C:\WINDOWS\System32\hphmon05.exe C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe C:\WINDOWS\system32\rundll32.exe C:\Programas\Apoint2K\Apntex.exe C:\Programas\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe C:\Programas\Musicmatch\Musicmatch Jukebox\mmtask.exe C:\Programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Programas\HP\HP Share-to-Web\hpgs2wnf.exe C:\Programas\HP\hpcoretech\hpcmpmgr.exe C:\Programas\HighCriteria\TotalRecorder\TotRecSched.exe C:\Programas\iTunes\iTunesHelper.exe C:\Programas\QuickTime\qttask.exe C:\WINDOWS\atlez.exe C:\Program Files\Admilli Service\AdmilliServ.exe C:\WINDOWS\system32\ctfmon.exe C:\Programas\iPod\bin\iPodService.exe C:\Programas\Messenger\msmsgs.exe C:\Programas\Spyware Doctor\swdoctor.exe C:\Program Files\Admilli Service\AdmilliKeep.exe C:\Programas\Ficheiros comuns\Microsoft Shared\Works Shared\wkcalrem.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\obmti.dll/sp.html#28129 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\obmti.dll/sp.html#28129 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\obmti.dll/sp.html#28129 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\obmti.dll/sp.html#28129 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\obmti.dll/sp.html#28129 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\obmti.dll/sp.html#28129 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\obmti.dll/sp.html#28129 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://register.hp.com/servlet/WebReg.servlets.ProdReg1Servlet?appID=java_wreg_wreg_genpg&modelID=PJ873E&product_full_name=Pavilion%20zv5000&PROD_SERIAL_ID=CND43315LC&PURCH_DT_MONTH=10&PURCH_DT_DAY=10&PURCH_DT_YEAR=2004&gwCountry=PT&language=PT&prodOS=011 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *hot-searches.com*;*lender-search.com* R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações R3 - Default URLSearchHook is missing N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\Billy Creech\Application Data\Mozilla\Profiles\default\9etcqxaf.slt\prefs.js) N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgramas%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Billy Creech\Application Data\Mozilla\Profiles\default\9etcqxaf.slt\prefs.js) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1E9567AD-A477-BC7B-D34B-F349E1493803} - C:\WINDOWS\system32\msev.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programas\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programas\Norton AntiVirus\NavShExt.dll O3 - Toolbar: (no name) - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - (no file) O4 - HKLM\..\Run: [Apoint] C:\Programas\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [Cpqset] C:\Programas\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [ATIPTA] C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programas\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [CamMonitor] C:\Programas\HP\Digital Imaging\Unload\hpqcmon.exe O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programas\HP\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programas\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [UpdateManager] "C:\Programas\Ficheiros comuns\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [WorksFUD] C:\Programas\Microsoft Works\wkfud.exe O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programas\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programas\Microsoft Works\WkDetect.exe O4 - HKLM\..\Run: [HPHUPD05] c:\Programas\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe O4 - HKLM\..\Run: [ccApp] "C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programas\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [mmtask] C:\Programas\Musicmatch\Musicmatch Jukebox\mmtask.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Programas\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Programas\HighCriteria\TotalRecorder\TotRecSched.exe" O4 - HKLM\..\Run: [iTunesHelper] C:\Programas\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [122.tmp] C:\DOCUME~1\BILLYC~1\DEFINI~1\Temp\122.tmp.exe 0 28129 O4 - HKLM\..\Run: [atlez.exe] C:\WINDOWS\atlez.exe O4 - HKLM\..\Run: [Admilli Service] C:\Program Files\Admilli Service\AdmilliServ.exe O4 - HKLM\..\Run: [IST Service] C:\Programas\ISTsvc\istsvc.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [kbdcz2] C:\WINDOWS\System32\kbdcz2.exe O4 - HKCU\..\Run: [kbdusx] C:\WINDOWS\System32\kbdusx.exe O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programas\Spyware Doctor\swdoctor.exe" /Q O4 - Startup: Webshots.lnk = C:\Programas\Webshots\Launcher.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Lembretes do calendário do Microsoft Works.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office2\Office10\OSA.EXE O4 - Global Startup: Sitecom WLAN Client Utility.lnk = ? O4 - Global Startup: SpySubtract.lnk = C:\program files\interMute\SpySubtract\SpySub.exe O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~3\Office\1033\phdintl.dll/phdContext.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe O10 - Broken Internet access because of LSP provider 'xfire_lsp.dll' missing O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht!http://82.179.166.130/e9xr2.chm::/file.exe O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} - http://www.errornuker.com/products/errn2004/installers/default/ErrorNukerInstaller.exe O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDTInc/ie/bridge-c46.cab O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_adult.cab O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
|
|
#2
January 3rd, 2005, 05:59 PM
|
|||
|
|||
|
Hi InHisCast,
If you still need help, please post a fresh HijackThis log. Tom
__________________
HijackThis Ad-aware Spybot Search & Destroy SpywareBlaster SpywareGuard Housecall Online A/V Scan Please read the stickys at the top of the forum before posting!
|
|
#3
January 4th, 2005, 06:31 AM
|
|||
|
|||
|
thank you!!
yes, i very much need help. here is today's log....
Logfile of HijackThis v1.99.0 Scan saved at 12:30:19 PM, on 1/4/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe C:\WINDOWS\system32\drivers\KodakCCS.exe C:\Programas\Norton AntiVirus\navapsvc.exe C:\Programas\Norton AntiVirus\SAVScan.exe C:\WINDOWS\system32\ScsiAccess.EXE C:\Programas\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\javayx32.exe C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe C:\WINDOWS\atlez.exe C:\Programas\Spyware Doctor\swdoctor.exe C:\Programas\MSN Messenger\msnmsgr.exe C:\Programas\Kodak\Kodak EasyShare software\bin\EasyShare.exe C:\Programas\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe C:\Programas\Sitecom\Sitecom WLAN\WLANUTL.exe C:\WINDOWS\System32\wuauclt.exe C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE C:\Documents and Settings\Billy Creech\Ambiente de trabalho\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\eccsn.dll/sp.html#28129 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\eccsn.dll/sp.html#28129 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\eccsn.dll/sp.html#28129 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\eccsn.dll/sp.html#28129 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\eccsn.dll/sp.html#28129 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\eccsn.dll/sp.html#28129 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\eccsn.dll/sp.html#28129 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://register.hp.com/servlet/WebReg.servlets.ProdReg1Servlet?appID=java_wreg_wreg_genpg&modelID=PJ873E&product_full_name=Pavilion%20zv5000&PROD_SERIAL_ID=CND43315LC&PURCH_DT_MONTH=10&PURCH_DT_DAY=10&PURCH_DT_YEAR=2004&gwCountry=PT&language=PT&prodOS=011 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações R3 - Default URLSearchHook is missing N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\Billy Creech\Application Data\Mozilla\Profiles\default\9etcqxaf.slt\prefs.js) N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgramas%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Billy Creech\Application Data\Mozilla\Profiles\default\9etcqxaf.slt\prefs.js) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {2569FBB3-D534-A987-8E7F-7AA3ADFC70C4} - C:\WINDOWS\system32\winlv.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programas\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programas\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [atlez.exe] C:\WINDOWS\atlez.exe O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programas\Spyware Doctor\swdoctor.exe" /Q O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\MSN Messenger\msnmsgr.exe" /background O4 - Global Startup: Kodak EasyShare software.lnk = C:\Programas\Kodak\Kodak EasyShare software\bin\EasyShare.exe O4 - Global Startup: KODAK Software Updater.lnk = C:\Programas\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe O4 - Global Startup: Sitecom WLAN Client Utility.lnk = ? O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~3\Office\1033\phdintl.dll/phdContext.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing) O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Programas\AIM\aim.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE O10 - Broken Internet access because of LSP provider 'xfire_lsp.dll' missing O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com O15 - Trusted Zone: *.awmdabest.com O15 - Trusted Zone: *.frame.crazywinnings.com O15 - Trusted Zone: *.awmdabest.com (HKLM) O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM) O15 - Trusted IP range: (HKLM) O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht!http://82.179.166.130/e9xr2.chm::/file.exe O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} - http://www.errornuker.com/products/errn2004/installers/default/ErrorNukerInstaller.exe O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/12a035e8196a606b7619/netzip/RdxIE601.cab O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-intl/pt/games4.cab O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebSWK.cab O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{1F2D968A-0481-4714-8389-DEC7BD45AC94}: NameServer = 194.65.100.117 O17 - HKLM\System\CS1\Services\Tcpip\..\{1F2D968A-0481-4714-8389-DEC7BD45AC94}: NameServer = 194.65.100.117 O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Programas\HP\hpcoretech\comp\hpuiprot.dll O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programas\iPod\bin\iPodService.exe O23 - Service: Kodak Camera Connection Software - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: Serviço de proteção automática do Norton AntiVirus - Symantec Corporation - C:\Programas\Norton AntiVirus\navapsvc.exe O23 - Service: SAVScan - Symantec Corporation - C:\Programas\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\FICHEI~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: ScsiAccess - Unknown - C:\WINDOWS\system32\ScsiAccess.EXE O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Programas\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: SymWMI Service - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\Security Center\SymWSC.exe O23 - Service: Workstation NetLogon Service - Unknown - C:\WINDOWS\system32\javayx32.exe
|
|
#4
January 4th, 2005, 11:57 AM
|
|||
|
|||
|
You might want to print these instructions for reference or copy and paste them into notepad and save them on your desktop, as you will be off the internet while using HijackThis.
If you have any questions before starting the fix, please don't hesitate to ask! Please download and save AboutBuster.zip http://downloads.subratam.org/AboutBuster.zip First unzip all files from the zip folder to a folder or your desktop. Start it and hit ok. Then hit update. A new screen should popup. On that screen hit Check for Updates. If it says it found an update hit Download Updates. If it doesn't it will automatically tell you and exit. Do not run AboutBuster yet. Just update it and close it. Next... Download Ad-Aware SE Personal Edition from: http://www.lavasoft.de/support/download/ Run Adaware, click the "Check for Updates now" link. Install the latest reference file. Do not scan and fix anything yet, just update it. Next... Make sure your computer is configured to show all files and folders. Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden Files and Folders heading select Show Hidden Files and Folders. Uncheck hide extensions for known file types. Uncheck the Hide Protected Operating System Files option. Click Yes to confirm. Click OK. Next... Go to Start > Run and type "Services.msc" (without quotes) then hit Ok Scroll down and find the service called "Network Security Service". When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok and close any open windows. Next... Boot into Safe Mode: Reboot your computer, start tapping F8 when it first starts booting, select Safe Mode. Run HijackThis, click scan, place a checkmark next to the following items. Close all browsers and any other windows or the fix may not work! Click "fix checked". It is OK if some of these items are no longer listed. R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\eccsn.dll/sp.html#28129 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\eccsn.dll/sp.html#28129 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\eccsn.dll/sp.html#28129 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\eccsn.dll/sp.html#28129 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\eccsn.dll/sp.html#28129 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\eccsn.dll/sp.html#28129 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\eccsn.dll/sp.html#28129 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm R3 - Default URLSearchHook is missing O4 - HKLM\..\Run: [atlez.exe] C:\WINDOWS\atlez.exe O15 - Trusted Zone: *.awmdabest.com O15 - Trusted Zone: *.frame.crazywinnings.com O15 - Trusted Zone: *.awmdabest.com (HKLM) O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM) O15 - Trusted IP range: (HKLM) O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht!http://82.179.166.130/e9xr2.chm::/file.exe O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/12a035e8196a606b7619/netzip/RdxIE601.cab O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-intl/pt/games4.cab Search for and delete the following file: C:\WINDOWS\atlez.exe Next... Double click AboutBuster.exe that you downloaded earlier. Click OK, click Start, then click OK. This will scan your computer for the bad files and delete them. Save the report (copy and paste into notepad or wordpad and save as a .txt file) and post a copy back here when you are done with all the steps. Scan with Adaware and let it remove anything it finds. Next.... Go to Start > Run > type "cleanmgr" (without the quotes). > Select the drive to clean up (usually C ) > Place a checkmark next to the following: Temporary Internet Files Recycle Bin Temporary Files Then click OK. Reboot normally. Next... I would like you to perform an onlne virus scan at Trend Micro http://housecall.trendmicro.com/ Select all of your drives for scanning. Please check "Auto clean" before scanning. If you can, copy and paste the report logs from the scan into your next post along with a fresh HijackThis log.. Post a fresh HijackThis log and the AboutBuster log. Tom
|
|
#5
January 5th, 2005, 07:03 AM
|
|||
|
|||
|
Updated files for log o' highJACK
Well, I tried to use the online virus scan you wanted me to use, but it wouldnt work. exp kept shutting down with about:blank as the main homepage. Here is updated highjack log..THANK YOU so much for helping me through this!
Logfile of HijackThis v1.99.0 Scan saved at 1:01:20 PM, on 1/5/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe C:\WINDOWS\system32\drivers\KodakCCS.exe C:\Programas\Norton AntiVirus\navapsvc.exe C:\Programas\Norton AntiVirus\SAVScan.exe C:\WINDOWS\system32\ScsiAccess.EXE C:\Programas\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\javayx32.exe C:\WINDOWS\system32\javakl32.exe C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe C:\Program Files\DeskAd Service\DeskAdServ.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\DeskAd Service\DeskAdKeep.exe C:\Programas\Apoint2K\Apoint.exe C:\WINDOWS\System32\rundll32.exe C:\Programas\Apoint2K\Apntex.exe C:\Programas\Spyware Doctor\swdoctor.exe C:\Programas\MSN Messenger\msnmsgr.exe C:\Programas\Kodak\Kodak EasyShare software\bin\EasyShare.exe C:\Programas\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe C:\Programas\Sitecom\Sitecom WLAN\WLANUTL.exe C:\WINDOWS\System32\wuauclt.exe C:\DOCUME~1\BILLYC~1\DEFINI~1\Temp\6.tmp C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE C:\Documents and Settings\Billy Creech\Ambiente de trabalho\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\hjoph.dll/sp.html#28129 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\hjoph.dll/sp.html#28129 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\hjoph.dll/sp.html#28129 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\hjoph.dll/sp.html#28129 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\hjoph.dll/sp.html#28129 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\hjoph.dll/sp.html#28129 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\hjoph.dll/sp.html#28129 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações R3 - Default URLSearchHook is missing N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\Billy Creech\Application Data\Mozilla\Profiles\default\9etcqxaf.slt\prefs.js) N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgramas%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Billy Creech\Application Data\Mozilla\Profiles\default\9etcqxaf.slt\prefs.js) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {A40E210D-44F7-33DE-2D6C-292A6520AB82} - C:\WINDOWS\winsj32.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programas\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programas\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [Apoint] C:\Programas\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL O4 - HKLM\..\Run: [javakl32.exe] C:\WINDOWS\system32\javakl32.exe O4 - HKLM\..\Run: [6.tmp] C:\DOCUME~1\BILLYC~1\DEFINI~1\Temp\6.tmp.exe 0 28129 O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programas\Spyware Doctor\swdoctor.exe" /Q O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\MSN Messenger\msnmsgr.exe" /background O4 - Global Startup: Kodak EasyShare software.lnk = C:\Programas\Kodak\Kodak EasyShare software\bin\EasyShare.exe O4 - Global Startup: KODAK Software Updater.lnk = C:\Programas\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe O4 - Global Startup: Sitecom WLAN Client Utility.lnk = ? O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~3\Office\1033\phdintl.dll/phdContext.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing) O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Programas\AIM\aim.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE O10 - Broken Internet access because of LSP provider 'xfire_lsp.dll' missing O15 - Trusted Zone: *.05p.com O15 - Trusted Zone: *.awmdabest.com O15 - Trusted Zone: *.blazefind.com O15 - Trusted Zone: *.clickspring.net O15 - Trusted Zone: *.flingstone.com O15 - Trusted Zone: *.frame.crazywinnings.com O15 - Trusted Zone: *.scoobidoo.com O15 - Trusted Zone: *.searchbarcash.com O15 - Trusted Zone: *.slotch.com O15 - Trusted Zone: *.static.topconverting.com O15 - Trusted Zone: *.xxxtoolbar.com O15 - Trusted Zone: *.awmdabest.com (HKLM) O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM) O15 - Trusted IP range: 206.161.125.149 O15 - Trusted IP range: (HKLM) O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} - http://www.errornuker.com/products/errn2004/installers/default/ErrorNukerInstaller.exe O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebSWK.cab O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{1F2D968A-0481-4714-8389-DEC7BD45AC94}: NameServer = 194.65.100.117 O17 - HKLM\System\CS1\Services\Tcpip\..\{1F2D968A-0481-4714-8389-DEC7BD45AC94}: NameServer = 194.65.100.117 O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Programas\HP\hpcoretech\comp\hpuiprot.dll O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programas\iPod\bin\iPodService.exe O23 - Service: Kodak Camera Connection Software - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: Serviço de proteção automática do Norton AntiVirus - Symantec Corporation - C:\Programas\Norton AntiVirus\navapsvc.exe O23 - Service: SAVScan - Symantec Corporation - C:\Programas\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\FICHEI~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: ScsiAccess - Unknown - C:\WINDOWS\system32\ScsiAccess.EXE O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Programas\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: SymWMI Service - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\Security Center\SymWSC.exe O23 - Service: Workstation NetLogon Service - Unknown - C:\WINDOWS\system32\javayx32.exe
|
|
| Viewing: Dev Shed Forums > System Administration > Antivirus Protection > log o' HIjack...i have bugs! |
| Thread Tools | Search this Thread |
| Display Modes | Rate This Thread |
|
|
 |
|
|
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
Linear Mode
