Please, I need to check my hijacklog

Discussion in 'adware, spyware & hijack cleaning' started by strunkal, May 31, 2004.

Thread Status:
Not open for further replies.
  1. strunkal

    strunkal, Registered Member (joined May 31, 2004; posts: 2)

    Hello people, I need to check my hijacklog to clean it. The log is:

    Logfile of HijackThis v1.97.7
    Scan saved at 19:40:27, on 31/05/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
    C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Archivos de programa\WIDCOMM\Software Bluetooth\bin\btwdins.exe
    C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Archivos de programa\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\Explorer.exe
    C:\ARCHIV~1\KITADS~1\bin\win2k\tidslmon.exe
    C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
    C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe
    C:\Archivos de programa\a2\a2guard.exe
    C:\Archivos de programa\WIDCOMM\Software Bluetooth\BTTray.exe
    C:\Archivos de programa\Nokia\PC Suite for Nokia N-Gage\connmngmntbox.exe
    C:\Archivos de programa\Nokia\PC Suite for Nokia N-Gage\ectaskscheduler.exe
    C:\ARCHIV~1\Nokia\PCSUIT~1\Elogerr.exe
    C:\Archivos de programa\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
    C:\ARCHIV~1\WIDCOMM\SOFTWA~1\BTSTAC~1.EXE
    C:\ARCHIV~1\Nokia\PCSUIT~1\BROADC~1.EXE
    C:\WINDOWS\System32\devldr32.exe
    C:\ARCHIV~1\Nokia\PCSUIT~1\SCRFS.exe
    C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
    D:\Documents and Settings\XXX\Mis documentos\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.playonline.com/ff11us/index.shtml
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.telefonica.net/
    F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [TIxDSL] C:\ARCHIV~1\KITADS~1\bin\win2k\tidslmon.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [GLSetIT32] c:\windows\system32\system32
    O4 - HKLM\..\Run: [UpConfgVer] "C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\UpgConf.exe" /v:7.05.07
    O4 - HKLM\..\Run: [ccApp] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [a²] "C:\Archivos de programa\a2\a2guard.exe"
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: PCSuiteForNokiaN-Gage Detect.lnk = ?
    O4 - Global Startup: PCSuiteForNokiaN-Gage TS.lnk = ?
    O8 - Extra context menu item: Enviar a &Bluetooth - C:\Archivos de programa\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: @btrez.dll,-4015 (HKLM)
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 (HKLM)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F6478736-2E54-4469-A6E6-CD66EDA167E2}: NameServer = 194.224.52.36,194.224.52.37


    OK, that is it, thank you.
     
  2. Pieter_Arntz

    Pieter_Arntz, Spyware Veteran (joined Apr 27, 2002; posts: 13,491; location: Netherlands)

    Hi strunkal,


    Check the following item in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    O4 - HKLM\..\Run: [GLSetIT32] c:\windows\system32\system32

    Then reboot and surf to http://www.kaspersky.com/remoteviruschk.html and have this file checked:
    C:\WINDOWS\system32\fservice.exe
    If you can't find it, the file may be hidden. Check here how to "unhide" those: http://www.tacktech.com/display.cfm?ttid=192

    Let us know the results.

    Regards,

    Pieter
     
  3. strunkal

    strunkal, Registered Member (joined May 31, 2004; posts: 2)

    Thank you for checking my log, but I continue to have the same problem. I can't find fservice.exe; this file is not hidden. I think Norton deleted it when it scanned for viruses.
    I deleted the file you said with hijacklog and rebooted the machine, and I can't find fservice.exe; it's not hidden. Please, if you can help me, thank you.
     
  4. Pieter_Arntz

    Pieter_Arntz, Spyware Veteran (joined Apr 27, 2002; posts: 13,491; location: Netherlands)

    Ah Ok. If that is the problem, fix these two lines as well:
    F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe

    Then when you reboot again the error should be history.

    Regards,

    Pieter
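
The two kinds of entry fixed in this thread, as a log-triage sketch added here as an example (it is not part of the original posts and not HijackThis code): it flags F0/F2 `Shell=` values that start anything besides Explorer.exe, and O4 Run commands that name no executable. The function name, finding labels and the extension list are assumptions; the sample lines are copied from the log in post 1.

```python
import re

# Constructed sample: a few lines taken from the log posted in this thread.
SAMPLE_LOG = r"""
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [GLSetIT32] c:\windows\system32\system32
O4 - Global Startup: BTTray.lnk = ?
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")      # "O4 - <body>"
SHELL = re.compile(r"Shell=(.*)$", re.IGNORECASE)       # F0/F2 shell value
RUN = re.compile(r"Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Heuristic (assumption): a Run command should name an executable somewhere.
HAS_EXEC = re.compile(r'\.(exe|com|bat|cmd|scr|pif)(?=["\s,]|$)', re.IGNORECASE)


def review(log_text):
    """Return (code, finding, detail) tuples for shell and Run entries."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        code, body = m.groups()
        if code in ("F0", "F2"):
            shell = SHELL.search(body)
            value = shell.group(1).strip() if shell else "explorer.exe"
            if value.lower() != "explorer.exe":
                # Anything besides Explorer.exe is started at every logon.
                findings.append((code, "shell-extra-program", value.split(None, 1)[-1]))
        elif code == "O4":
            run = RUN.search(body)
            if run and not HAS_EXEC.search(run.group("cmd")):
                findings.append((code, "run-target-not-executable", run.group("name")))
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(*finding, sep=" | ")
```

The check reads only the log text, so it still reports the shell entry when the file it points to is already gone from disk, which is the situation described in post 3.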
     