1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

HJT LOG

Discussion in 'All other topics' started by tarroso, Mar 24, 2005.

  1. tarroso

    tarroso Guest

    hi folks.
    I'm not sure whats happening but im preety sure im infected. I ran adaware, spybot, and norton, no detections, and still a pop up appears with the mythical your computer might be infected bla bla message on it.
    here's my hjt log
    ty for any quick answer

    Logfile of HijackThis v1.99.0
    Scan saved at 19:57:28, on 24-03-2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\S24EvMon.exe
    C:\WINDOWS\system32\ZCfgSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
    C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
    C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe
    C:\Programas\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\RegSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\ATK0100\Hcontrol.exe
    C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe
    C:\Programas\Synaptics\SynTP\SynTPLpr.exe
    C:\Programas\Synaptics\SynTP\SynTPEnh.exe
    C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe
    C:\Programas\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
    C:\Programas\MSN Apps\Updater\01.02.3000.1001\pt-pt\msnappau.exe
    C:\Programas\Picasa2\PicasaMediaDetector.exe
    C:\Programas\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Programas\iTunes\iTunesHelper.exe
    C:\Programas\QuickTime\qttask.exe
    C:\Programas\MSN Messenger\MsnMsgr.Exe
    C:\Programas\Lexmark X1100 Series\lxbkbmon.exe
    C:\Programas\Microsoft ActiveSync\WCESCOMM.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programas\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\1XConfig.exe
    C:\PROGRA~1\OUTLOO~1\INCRED~1\bin\IMAPP.EXE
    C:\WINDOWS\ATK0100\ATKOSD.exe
    C:\Programas\Messenger\msmsgs.exe
    C:\Programas\hjt\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com.tw
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = HiperligaƧƵes
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programas\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programas\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programas\MSN Apps\MSN Toolbar\01.02.3000.1001\pt-pt\msntb.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programas\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programas\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programas\MSN Apps\MSN Toolbar\01.02.3000.1001\pt-pt\msntb.dll
    O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [Power_Gear] C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe 1
    O4 - HKLM\..\Run: [SynTPLpr] C:\Programas\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Programas\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Programas\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Programas\Ficheiros comuns\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Programas\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
    O4 - HKLM\..\Run: [msnappau] "C:\Programas\MSN Apps\Updater\01.02.3000.1001\pt-pt\msnappau.exe"
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programas\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programas\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [iTunesHelper] C:\Programas\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\OUTLOO~1\INCRED~1\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programas\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\OUTLOO~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: &Search - http://bar.mytotalsearch.com/menusearch.html?p=VSzeb029XXUS
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programas\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programas\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programas\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com.tw
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2A0DED63-24F3-4FD6-BEC4-58F8E1F0C205} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/pt-PT/filesharingctrl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1094680123233
    O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab30149.cab
    O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccPwdSvc.exe
    O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programas\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Programas\Norton AntiVirus\navapsvc.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
    O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\FICHEI~1\SYMANT~1\SCRIPT~1\SBServ.exe



     
  2. venomX05

    venomX05 Regular member

    Joined:
    Jan 18, 2005
    Messages:
    1,026
    Likes Received:
    0
    Trophy Points:
    46
    Hey tarroso,

    Ok, going to help you out...

    Here is what you need:

    Microsoft Anti-Spyware (microsofts website)
    Registry Mechanic (get it at pcworld.com)
    Firefox or OPERA web browser (built in pop-up blockers)
    -get rid of IE, notorious for holes due to active x controls, java, and other little issues, use it as a LAST resort or as a backup in case you REALLY need it to be on a particular site such as Microsoft.com, other than that...kick it to the curb! :)
    AND
    WinPatrol (will show you EXACTLY what is running on your system and notify you when something is running or trying to install itself)

    Also, do this...

    1.Start in Safe Mode
    2.Go to your Command Prompt for DOS
    3.In C: drive type "del index.dat /s"
    -this will clear out all the traces of the website that have you been too with cookies attached.

    I looked over your file, and saw a couple of things that looked weird. Also, if you have any type of search bars for your browser, I would uninstall them as well.

    After running all that, PLUS clearing out your temporary internet files, PM me your new log if you want and I will look it over again.

    Hope this helps!

    ;)

    BTW, what kind of pop-up did you get?
     
    Last edited: Mar 24, 2005
  3. ddp

    ddp Moderator Staff Member

    Joined:
    Oct 15, 2004
    Messages:
    39,073
    Likes Received:
    80
    Trophy Points:
    128
    download & run ccleaner from ccleaner.com. it cleans the crap out of your windows
     

Share This Page