Hi Jack This

Discussion in 'adware, spyware & hijack cleaning' started by gatesi1, Jun 22, 2004.

Thread Status:
Not open for further replies.
  1. gatesi1

    gatesi1 Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    4
    i have run spy ware and when i log on i automatically get logged on to the internet, all my system is running slow, and i keep getting directed to a site www.h4ckfreesoftware.com

    please can you review my logfile and let me know what i need to remove??

    Thanks
    gatesi

    Logfile of HijackThis v1.97.7
    Scan saved at 10:57:08, on 22/06/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\gsicon.exe
    C:\WINDOWS\System32\dslagent.exe
    C:\WINDOWS\System32\firewal1.exe
    C:\WINDOWS\System32\wupdmgt.exe
    C:\WINDOWS\System32\wuawx.exe
    C:\WINDOWS\System32\MSlti32.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\WINDOWS\System32\jfhdtg.exe
    C:\PROGRA~1\PESTPA~1\PPControl.exe
    C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\PESTPA~1\PestPatrolCL.exe
    C:\WINDOWS\realtime.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Documents and Settings\Owner\My Documents\HijackThis.exe
    C:\WINDOWS\SYSTEM32\rundll32.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
    O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
    O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\System32\edyutoi.exe
    O4 - HKLM\..\Run: [RasCon Remote Access Service Manager] rasmngr.exe
    O4 - HKLM\..\Run: [Windows Firewall] firewal1.exe
    O4 - HKLM\..\Run: [Microsoft Windows Services] wupdmgt.exe
    O4 - HKLM\..\Run: [Microsoft Update Machine] wuawx.exe
    O4 - HKLM\..\Run: [Microsoft AUT Update] MSlti32.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [qpmdxev] C:\WINDOWS\System32\jfhdtg.exe
    O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
    O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [PestPatrolCL] C:\PROGRA~1\PESTPA~1\PestPatrolCL.exe c:\
    O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
    O4 - HKLM\..\RunServices: [RasCon Remote Access Service Manager] rasmngr.exe
    O4 - HKLM\..\RunServices: [Windows Firewall] firewal1.exe
    O4 - HKLM\..\RunServices: [Microsoft Windows Services] wupdmgt.exe
    O4 - HKLM\..\RunServices: [Microsoft Update Machine] wuawx.exe
    O4 - HKLM\..\RunServices: [Microsoft AUT Update] MSlti32.exe
    O4 - HKCU\..\Run: [RasCon Remote Access Service Manager] rasmngr.exe
    O4 - HKCU\..\Run: [Windows Firewall] firewal1.exe
    O4 - HKCU\..\Run: [Microsoft Windows Services] wupdmgt.exe
    O4 - HKCU\..\Run: [Microsoft Update Machine] wuawx.exe
    O4 - HKCU\..\Run: [Microsoft AUT Update] MSlti32.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/20aa35680fa8efeac618/netzip/RdxIE601.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38157.551412037
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{594EBA99-3296-4100-BD19-82188567861B}: NameServer = 194.72.9.34 194.74.65.69
     
  2. illukka

    illukka Spyware Fighter

    Joined:
    Jun 23, 2003
    Posts:
    633
    Location:
    S.A.V.O
    your system seems to be badly infected with different bots

    O4 - HKLM\..\RunServices: [RasCon Remote Access Service Manager] rasmngr.exe
    O4 - HKLM\..\RunServices: [Windows Firewall] firewal1.exe
    O4 - HKLM\..\RunServices: [Microsoft Windows Services] wupdmgt.exe
    O4 - HKLM\..\RunServices: [Microsoft Update Machine] wuawx.exe
    O4 - HKLM\..\RunServices: [Microsoft AUT Update] MSlti32.exe

    go to windowsupdate and install all available patches, especially the critical ones.

    do an online scan: http://www.pandasoftware.com/activescan/com/activescan_principal.htm

    or

    http://housecall.trendmicro.com/housecall/start_corp.asp

    or even

    http://www.bitdefender.com/scan/licence.php

    or maybe do them all, let the scanners handle what they find

    post a new hijackthis log when finished
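
An added example, not part of the original thread or of HijackThis itself: a small parser for the O4 (autorun) lines of a log like the one posted above. It flags entries whose name and command are registered under several autorun keys at once, which is the pattern the five quoted entries share (HKLM Run, HKLM RunServices and HKCU Run). The threshold of three keys, the function names and the trimmed sample are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the O4 lines from the log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [RasCon Remote Access Service Manager] rasmngr.exe
O4 - HKLM\..\Run: [Windows Firewall] firewal1.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [qpmdxev] C:\WINDOWS\System32\jfhdtg.exe
O4 - HKLM\..\RunServices: [RasCon Remote Access Service Manager] rasmngr.exe
O4 - HKLM\..\RunServices: [Windows Firewall] firewal1.exe
O4 - HKCU\..\Run: [RasCon Remote Access Service Manager] rasmngr.exe
O4 - HKCU\..\Run: [Windows Firewall] firewal1.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_LINE = re.compile(r"^\s*O4 - (HK(?:LM|CU)\\\.\.\\[^:]+): \[([^\]]*)\] (.+?)\s*$")


def parse_o4(log):
    """Return (location, value_name, command) for every O4 line in the log."""
    entries = []
    for line in log.splitlines():
        m = O4_LINE.match(line)
        if m:
            entries.append((m.group(1), m.group(2), m.group(3)))
    return entries


def multi_key_entries(log, min_keys=3):
    """Map (value_name, command) -> sorted autorun locations, keeping only
    entries registered under at least min_keys distinct locations.
    min_keys=3 is a triage heuristic chosen for this example."""
    seen = defaultdict(set)
    for location, name, command in parse_o4(log):
        seen[(name, command)].add(location)
    return {k: sorted(v) for k, v in seen.items() if len(v) >= min_keys}


if __name__ == "__main__":
    for (name, command), locations in sorted(multi_key_entries(SAMPLE_LOG).items()):
        print(f"{command:<14} [{name}] -> {', '.join(locations)}")
```

A hit is only a lead for the scanners recommended above to confirm; entries such as `jfhdtg.exe` that appear under a single key are not caught by this check.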
     
  3. snapdragin

    snapdragin Registered Member

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada