please help - hijackthis

Discussion in 'adware, spyware & hijack cleaning' started by jasonbrooks, May 3, 2004.

Thread Status:
Not open for further replies.
  1. jasonbrooks

    jasonbrooks Registered Member

    Joined:
    May 3, 2004
    Posts:
    3
    I seem to have a virus, PSWBISpy.B - can someone read this hijackthis file
    and let me know what you think - thanks alot. AVG sometimes finds the virus, but it doesnt seem to go away.


    Logfile of HijackThis v1.97.7
    Scan saved at ¤U¤È 08:44:28, on 2004/5/2
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\ibmpmsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\tp4mon.exe
    C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Vikki\Local Settings\Temporary Internet
    Files\Content.IE5\I7GDE3AP\HijackThis[1].exe

    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program
    Files\Yahoo!\Messenger\ycomp5_1_5_0.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
    Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
    O3 - Toolbar: o_O?? - {8E718888-423F-11D2-876E-00A0C9082467} -
    C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
    C:\Program Files\Yahoo!\Messenger\ycomp5_1_5_0.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil
    /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync]
    C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE
    /IMEName
    O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series]
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus
    Photo R300 Series" /O6 "USB002" /M "Stylus Photo R300"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe"
    /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - Startup: AdobeWeb.log
    O4 - Startup: LuResult.txt
    O4 - Startup: ntuser.dat
    O4 - Startup: NTUSER.DAT.LOG
    O4 - Startup: ntuser.ini
    O4 - Startup: ~
    O8 - Extra context menu item: ¶×¥X¦Ü Microsoft Excel(&X) -
    res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Yahoo! Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) -
    http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
    http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} -
    http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
    http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37976.4927546296
    O16 - DPF: {A368C065-CAF0-11D4-97BC-00B0D069CAA1} (WebGuider-Player ActiveX
    Control) - http://update.2mouse.com.tw/wgplayer/player.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
    http://download.macromedia.com/pub/shockwave/cab
     
    jasonbrooks, May 3, 2004
    #1
  2. Unzy

    Unzy Registered Member

    Joined:
    Nov 2, 2003
    Posts:
    1,098
    Location:
    Belgium
    Hi jasonbrooks,

    can you tell us the exact location on your PC where AVG finds it?

    Thnx

    Cheers,
     
    Unzy, May 3, 2004
    #2
  3. jasonbrooks

    jasonbrooks Registered Member

    Joined:
    May 3, 2004
    Posts:
    3
    yes - in c:/systemupdateinformation/_restore. It was a long file name with a lot of numbers - I tried disabling system update, and then relogging on. I'm not sure if this did the trick though, it seems to be a pesky little virus (another forum recommended I do this)
     
    jasonbrooks, May 3, 2004
    #3
  4. Unzy

    Unzy Registered Member

    Joined:
    Nov 2, 2003
    Posts:
    1,098
    Location:
    Belgium
    Hi again,

    Yes, disabling system restore Here's How -> then doing a fresh reboot should help

    Don't forget to re-enable system restore again

    Cheers,
     
    Unzy, May 3, 2004
    #4
  5. jasonbrooks

    jasonbrooks Registered Member

    Joined:
    May 3, 2004
    Posts:
    3
    I will see if this works - so far, so good - thanks for the help
     
    jasonbrooks, May 3, 2004
    #5
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...