Please i need to check my hijacklog

Discussion in 'adware, spyware & hijack cleaning' started by strunkal, May 31, 2004.

Thread Status:
Not open for further replies.
  1. strunkal

    strunkal Registered Member

    Joined:
    May 31, 2004
    Posts:
    2
    hello people i need to check my hijacklog to clean it the log it is :

    Logfile of HijackThis v1.97.7
    Scan saved at 19:40:27, on 31/05/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
    C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Archivos de programa\WIDCOMM\Software Bluetooth\bin\btwdins.exe
    C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Archivos de programa\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\Explorer.exe
    C:\ARCHIV~1\KITADS~1\bin\win2k\tidslmon.exe
    C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
    C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe
    C:\Archivos de programa\a2\a2guard.exe
    C:\Archivos de programa\WIDCOMM\Software Bluetooth\BTTray.exe
    C:\Archivos de programa\Nokia\PC Suite for Nokia N-Gage\connmngmntbox.exe
    C:\Archivos de programa\Nokia\PC Suite for Nokia N-Gage\ectaskscheduler.exe
    C:\ARCHIV~1\Nokia\PCSUIT~1\Elogerr.exe
    C:\Archivos de programa\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
    C:\ARCHIV~1\WIDCOMM\SOFTWA~1\BTSTAC~1.EXE
    C:\ARCHIV~1\Nokia\PCSUIT~1\BROADC~1.EXE
    C:\WINDOWS\System32\devldr32.exe
    C:\ARCHIV~1\Nokia\PCSUIT~1\SCRFS.exe
    C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
    D:\Documents and Settings\XXX\Mis documentos\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.playonline.com/ff11us/index.shtml
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.telefonica.net/
    F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [TIxDSL] C:\ARCHIV~1\KITADS~1\bin\win2k\tidslmon.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [GLSetIT32] c:\windows\system32\system32
    O4 - HKLM\..\Run: [UpConfgVer] "C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\UpgConf.exe" /v:7.05.07
    O4 - HKLM\..\Run: [ccApp] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [a²] "C:\Archivos de programa\a2\a2guard.exe"
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: PCSuiteForNokiaN-Gage Detect.lnk = ?
    O4 - Global Startup: PCSuiteForNokiaN-Gage TS.lnk = ?
    O8 - Extra context menu item: Enviar a &Bluetooth - C:\Archivos de programa\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: @btrez.dll,-4015 (HKLM)
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 (HKLM)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F6478736-2E54-4469-A6E6-CD66EDA167E2}: NameServer = 194.224.52.36,194.224.52.37


    ok it is thanx you.
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi strunkal,


    Check the following item in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    O4 - HKLM\..\Run: [GLSetIT32] c:\windows\system32\system32

    Then reboot and surf to http://www.kaspersky.com/remoteviruschk.html and have this file checked:
    C:\WINDOWS\system32\fservice.exe
    If you can't find it the file may be hidden. Check here how to "unhide" those: http://www.tacktech.com/display.cfm?ttid=192

    Let us know the results.

    Regards,

    Pieter
     
  3. strunkal

    strunkal Registered Member

    Joined:
    May 31, 2004
    Posts:
    2
    thank you for check my log but i continue with the same problem i cant find the fservice.exe this archive its not hidden i think norton delete it when he scan for viruses.
    I delete the file you said with hijacklog and reboot machine and i cant found fservice.exe its not hidden please if u can help me thank you.
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Ah Ok. If that is the problem, fix these two lines as well:
    F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe

    Then when you reboot again the error should be history.

    Regards,

    Pieter
     
Thread Status:
Not open for further replies.