
Thread: hijack this log from a friends pc

  1. #1 RAAF453_Shep (Regular Member, San Antonio, Tx, joined Jul 2003, 286 posts)


    Logfile of HijackThis v1.99.1
    Scan saved at 3:41:43 PM, on 9/27/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5700.0006)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\MPVIDEOCODEC\isamonitor.exe
    C:\Program Files\Saitek\Software\ProfilerU.exe
    C:\Program Files\Saitek\Software\SaiMfd.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd.exe
    C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MPVIDEOCODEC\isamini.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
    C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Documents and Settings\Richard\My Documents\ScreenHunter.exe
    C:\Documents and Settings\Richard\My Documents\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\MPVIDEOCODEC\isaddon.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\ProfilerU.exe
    O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1151850225593
    O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemp...ogin-devel.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: interceptor.dll
    O20 - Winlogon Notify: SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SystemSuite Task Manager - Avanquest Publishing USA, Inc. - C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe

    It disabled his antivirus, and is trying to force him to buy spyware programs.

    I had him install AVG, and run CWShredder and CCleaner to try to help.
    We set his homepage in IE to blank, to no avail.
    His Add and Remove list in Windows is blank, except for these new installs.
    Last edited by RAAF453_Shep; 09-27-06 at 04:00 AM.
    nothing like my Virtual Spitfire Mk IXc and a few wingmen to cover my 6 !
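To show how a log like the one above can be read systematically, here is an added example (not from this thread or from HijackThis itself) that parses the log format and applies three defender-side triage rules: a BHO with no name, a non-empty AppInit_DLLs value, and running processes that share a directory with an already-flagged entry. The sample input is a constructed subset of the log above; the rule names and the `parse`/`triage` functions are my own.

```python
import re

# Constructed sample: a few lines copied from the HijackThis log posted above,
# enough to exercise each rule below.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\lsass.exe
C:\Program Files\MPVIDEOCODEC\isamonitor.exe
C:\Program Files\MPVIDEOCODEC\isamini.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\MPVIDEOCODEC\isaddon.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O20 - AppInit_DLLs: interceptor.dll
"""

ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.*)$")          # e.g. "O2 - BHO: ..."
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"\n]*?\.(?:exe|dll)\b", re.IGNORECASE)

def parse(log_text):
    """Split a log into running-process paths and (section code, body) entries."""
    processes, entries = [], []
    for line in (l.strip() for l in log_text.splitlines()):
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
        elif PATH_RE.fullmatch(line):
            processes.append(line)
    return processes, entries

def directory_of(path):
    return path.rsplit("\\", 1)[0].lower()

def triage(log_text):
    """Return (reason, text) findings. Two entry rules seed a set of suspect
    directories; any running process living in one of them is then reported."""
    processes, entries = parse(log_text)
    findings, suspect_dirs = [], set()
    for code, body in entries:
        if code == "O2" and body.startswith("BHO: (no name)"):
            findings.append(("nameless BHO", body))
        elif code == "O20" and body.startswith("AppInit_DLLs:") and body.split(":", 1)[1].strip():
            # AppInit_DLLs are injected into every process that loads user32.dll
            findings.append(("AppInit_DLLs entry", body))
        else:
            continue
        suspect_dirs.update(directory_of(p) for p in PATH_RE.findall(body))
    for proc in processes:
        if directory_of(proc) in suspect_dirs:
            findings.append(("runs from the directory of a flagged entry", proc))
    return findings
```

Run `triage(SAMPLE_LOG)` to see the nameless BHO, the AppInit_DLLs value, and the two processes in the BHO's directory reported together; the rules are starting points for a manual review, not a verdict.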

  2. #2 RAAF453_Shep (Regular Member, San Antonio, Tx, joined Jul 2003, 286 posts)

  3. #3 mnosteele52 (Dr Tweak, Chesapeake, VA, joined Jul 2001, 11,912 posts)
    Prior to doing anything XP users MUST disable System Restore!!! You can re-enable it after you are clean.

    1. Download, install and run CrapCleaner to remove any temporary and junk files.

    2. Download Ad-Aware SE 1.06 and set it up as shown HERE.

    3. Download SpyBot Search & Destroy 1.4 and set it up as shown HERE.

    4. Download SUPERAntiSpyware, update and do a full system scan.

    5. Download Ewido Anti-Malware 4.0, update and do a full system scan.

    6. Download and run CWShredder.

    7. Do a FREE online virus scan from BitDefender Online Scan and remove all that it finds.

    8. If you aren't currently using a firewall or anti-virus program then I suggest you install Comodo Firewall and Active Virus Shield - (setup instructions HERE), both are FREE and offer excellent protection.

    9. It is a good idea to use Sysinternal's Autoruns to make sure you have removed all of the malware.

    10. It is also a good idea to run the Winsock Fix to repair your TCP/IP stack. (You will have to redo any tweaks for your connection if this is used.)

    11. If after doing ALL of the above you are still having problems, please scan with HijackThis 1.99.1 as shown HERE and post a log here in this forum for us to look at.

    12. Download SpywareBlaster 3.5.1 and set it up as shown HERE to help stay spyware free.

    13. Make sure you have ALL of the latest Windows Updates.


  4. #4 RAAF453_Shep (Regular Member, San Antonio, Tx, joined Jul 2003, 286 posts)

    The fix is done.

    Well, the Smitfraud fix was the ticket.
    He reported to me that resolved it, and I had him add the MVPS Hosts file, along with the other recommended work.
    He's running the new IE7 beta.... I don't like the look of it. But I resisted XP for my trusty ol' 98, what now seems forever ago, so who knows.... surely not me!
