From: emiliehzw at yahoo.com
Subject: Hijackthis log - help needed
Date: 23 Jan 2005 00:09:50 -0800
Hi all,
I've been trying to get rid of this blue toolbar at the bottom of my desktop. I have Spybot S&D, Ad-Aware, and AVG installed. Could someone look at my Hijackthis log and provide me with wise advice on what to fix? Your help is greatly appreciated.
Thanks.
Mli
Logfile of HijackThis v1.98.2
Scan saved at 12:42:07 AM, on 1/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Internet Optimizer\optimize.exe
C:\WINDOWS\system32\SahAgent.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\Program Files\DeskAd Service\DeskAdServ.exe
C:\Program Files\Gtiae\Etortt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Spyware Doctor\spydoctor.exe
C:\Program Files\DeskAd Service\DeskAdKeep.exe
C:\WINDOWS\system32\ctfmon.exe
c:\progra~1\intern~1\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\MSN\MSNCoreFiles\msn6.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\WINZIP\wzqkpick.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis - against spyware\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.umantokdpybhkhiibrn.com/cSMBLB5wZzRmB_TizIDAbppdzfSzyjnDVCZw5BKFWYpWa97g1GLpKLiu2D7eiZPI.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus7.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus7.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll
O2 - BHO: (no name) - {FDF96CC2-6EBE-E33A-9C09-3209AE87F197} - C:\DOCUME~1\Owner\APPLIC~1\INSIDE~1\hide five.exe
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [c06a61557c47] C:\WINDOWS\System32\cehelper.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\system32\SahAgent.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe
O4 - HKLM\..\Run: [Rnsxmelq] C:\Program Files\Gtiae\Etortt.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [IdleTypeInterMapi] C:\Documents and Settings\All Users\Application Data\RULE NURB IDLE TYPE\One Bold.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [modedate] C:\DOCUME~1\Owner\APPLIC~1\BOOBAR~1\Exit Global.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
From: emiliehzw at yahoo.com
Subject: Re: Hijackthis log - help needed
Date: 23 Jan 2005 14:17:44 -0800
Hi Jason,
Thanks for your advice. The toolbar's gone. I ran an AVG scan but it wasn't up to date. Spybot and Ad-Aware are fully updated though. As I'm not the only one using that computer, I know there is a lot of useless stuff that has been installed there... Norton anti-virus is kinda old; I have the 2003 version, but the firewall's up to date. Thanks again.
Mli
From: Jason Edwards
Subject: Re: Hijackthis log - help needed
Date: Sun, 23 Jan 2005 22:58:21 -0000
wrote in message news:1106518664.257545.97790@f14g2000cwb.googlegroups.com...
> Hi Jason,
>
> Thanks for your advice. The toolbar's gone. I ran an AVG scan but it wasn't up to date. Spybot and Ad-Aware are fully updated though. As I'm not the only one using that computer, I know there is a lot of useless stuff that has been installed there... Norton anti-virus is kinda old, I have the 2003 version but the firewall's up to date.
> Thanks again
As you have discovered, AVG is far more useful than a software firewall, provided you get daily updates, but even AVG cannot protect against all malware because it depends on someone else at AVG discovering the malware and preparing the updates. So it's possible it could miss recently created malware, and when it does find malware, the malware has most likely already installed and run.
Jason
From: Jason Edwards
Subject: Re: Hijackthis log - help needed
Date: Sun, 23 Jan 2005 10:40:42 -0000
wrote in message news:1106461277.702837.298980@c13g2000cwb.googlegroups.com...
> Hi all,
>
> I've been trying to get rid of this blue toolbar at the bottom of my desktop. I have Spybot S&D, Ad-Aware, and AVG installed. Could someone look at my Hijackthis log and provide me with wise advice on what to fix? Your help is greatly appreciated.
There are many forums which will help you with this. You can find them like this: http://www.google.com/search?&q=hijackthis+forum
Also, someone recently mentioned this site: http://www.hijackthis.de/index.php
Paste the log there and analyze. Scroll down through the results. Then use HijackThis to remove the nasty ones. If it were me I would remove everything listed as nasty or unknown, but that may result in having to reinstall some things, and you still can't be sure that there's no malware left, because the name of a file tells you nothing about its contents.
Are you sure that Spybot S&D is up to date? Have you searched for updates and installed them all? Have you used it to check for problems and fixed all the selected problems? Is AVG up to date, and has a full scan been done?
The best advice would be to wipe the hard disk drive and reinstall the operating system followed by any other applications you need.
If you want to avoid this happening again then you're going to have to resist the temptation to install anything and everything you're offered.
Just out of curiosity, how long have you had Norton products installed on the system?
Jason