Help!, this is my log file



#1 clamasl

Posted 19 May 2004 - 08:28 PM

Here is my log file:

Logfile of HijackThis v1.97.7
Scan saved at 9:25:56 PM, on 5/19/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\SuperBar\sbhc.exe
C:\WINNT\system32\dla\tfswctrl.exe
C:\Program Files\Bargain Buddy\bin2\bargains.exe
C:\Program Files\DownloadWare\dw.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\PROGRA~1\ezula\mmod.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.window...k=sbar1_srchbtn
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.window...stmpl1&sstring=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.24horaslibre.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.window...stmpl1&sstring=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.window...k=sbar1_srchbtn
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.window...stmpl1&sstring=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.window...stmpl1&sstring=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.window...stmpl1&sstring=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.window...stmpl1&sstring=
R3 - URLSearchHook: WebSearch Class - {9368D063-44BE-49B9-BD14-BB9663FD38FC} - C:\Program Files\scbar\v9\scbar.dll
O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\Program Files\ClearSearch\CSIE.DLL
O2 - BHO: (no name) - {00000762-3965-4A1A-98CE-3D4BF457D4C8} - C:\Program Files\Lycos\Sidesearch\sidesearch1400.dll
O2 - BHO: (no name) - {00041A26-7033-432C-94C7-6371DE343822} - C:\Program Files\scbar\v9\scbar.dll
O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINNT\bxxs5.dll
O2 - BHO: (no name) - {136A9D1D-1F4B-43D4-8359-6F2382449255} - C:\Program Files\SUPERBAR\SUPERBAR.dll
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINNT\system32\dla\tfswshx.dll
O2 - BHO: Support Software - {85A702BA-EA8F-4B83-AA07-07A5186ACD7E} - C:\Program Files\Support Software\SS2.DLL
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\Program Files\Bargain Buddy\bin2\apuc.dll
O2 - BHO: (no name) - {D726BB88-EBD7-4B77-8D31-9D54BAA19B3D} - C:\WINNT\system32\faxfcom.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: SuperBar - {57AD1D3F-20F7-4BA4-A9C9-CE24749F1AB6} - C:\Program Files\SUPERBAR\SUPERBAR.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SBHC] C:\Program Files\SuperBar\sbhc.exe
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINNT\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINNT\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin2\bargains.exe
O4 - HKLM\..\Run: [DownloadWare] "C:\Program Files\DownloadWare\dw.exe" /H
O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [SearchEnhancement] "C:\Program Files\scbar\v9\scbar.exe" /H
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [PJFTBOX] C:\WINNT\VAOEQK.exe
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo 820 Series] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /A "C:\WINNT\system32\E_S290.tmp"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Sidesearch (HKLM)
O9 - Extra button: AIM (HKLM)
O10 - Broken Internet access because of LSP provider 'imon.dll' missing
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yaho...s/yinst0309.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7940.3973726852
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/p...t/msnchat45.cab

#2 clamasl

Posted 23 May 2004 - 10:11 AM

I thought this forum is to help, can somebody help me? Thanks

#3 clamasl

Posted 29 May 2004 - 08:35 AM

Can anybody help me with this log? Thanks

#4 dave38

Posted 29 May 2004 - 02:51 PM

The latest version of AdAware should deal with some of this infestation.

Download from http://www.lavasoft.de/

Before you scan with AdAware, check for updates of the reference file by using the "webupdate".

Make sure the following settings are made and on (ON=GREEN)

From main window click "Start" then "Activate in-depth scan"

Click "Use custom scanning options>Customize" and have these options on: "Scan within archives", "Scan active processes", "Scan registry", "Deep scan registry", "Scan my IE Favorites for banned URL" and "Scan my host-files"

Go to settings (the gear on top of AdAware)>Tweak>Scanning engine and tick "Unload recognized processes during scanning", "Cleaning engine" and "Let windows remove files in use at next reboot"

To save your settings click "proceed".

Now click the "Scan" button.

When scan is finished, mark everything for removal and get rid of it. (Right-click the window and choose "select all" from the drop down menu) then press next and then say yes to the prompt, do you want to remove all these entries.

Reboot again, and let AdAware run if it asks.


Next, please download SPYBOT. Unzip the program, run it and click on search for updates. Install all updates, then hit scan.

Let it fix everything marked in RED.

Then post a fresh Hijack this log.
Be wary of strong drink. It may make you shoot at tax collectors, and miss!

#5 clamasl

Posted 08 June 2004 - 10:20 PM

Hi dave,

My new log is:

Logfile of HijackThis v1.97.7
Scan saved at 11:21:58 PM, on 6/8/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINNT\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\lwfqigffd.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.24horaslibre.com/
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINNT\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {D0D28736-D6E6-4363-BFE8-3A05D74A8754} - C:\WINNT\dhje.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINNT\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [rehwjji] C:\WINNT\lwfqigffd.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [PJFTBOX] C:\WINNT\VAOEQK.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo 820 Series] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /A "C:\WINNT\system32\E_S290.tmp"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: AIM (HKLM)
O10 - Broken Internet access because of LSP provider 'imon.dll' missing
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yaho...s/yinst0309.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7940.3973726852
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/p...t/msnchat45.cab

#6 dave38

Posted 09 June 2004 - 02:14 PM

That looks a lot better! Still some things to go.

Have Hijack This fix all of the following by placing a check in the appropriate boxes and hitting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {D0D28736-D6E6-4363-BFE8-3A05D74A8754} - C:\WINNT\dhje.dll

O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [rehwjji] C:\WINNT\lwfqigffd.exe
O4 - HKCU\..\Run: [PJFTBOX] C:\WINNT\VAOEQK.exe

Reboot, and delete

files
C:\WINNT\lwfqigffd.exe
C:\WINNT\VAOEQK.exe

folder
C:\Program Files\TV Media

These may be hidden files. See HERE for how to show hidden files.

Please post a followup Hijack this log, and say if your problems persist.
Be wary of strong drink. It may make you shoot at tax collectors, and miss!
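
Comparing the two HijackThis logs posted in this thread shows which entries the cleanup removed, which are new since the first scan, and which survived it. The sketch below is an added example, not part of the original posts; the function names are assumptions and the sample lines are excerpted from the 19 May and 8 June logs above.

```python
import re

# HijackThis entry lines start with a section code (R0-R3, O1-O16 in these
# logs) followed by " - "; header and running-process lines do not.
ENTRY = re.compile(r"^([RO]\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Return the set of (section, body) pairs found in one log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2).strip()))
    return entries

def diff_logs(before, after):
    """Classify entries as removed by the cleanup, newly added, or kept."""
    old, new = parse_entries(before), parse_entries(after)
    return {"removed": old - new, "added": new - old, "kept": old & new}

def autostart_added(before, after, sections=("O2", "O4")):
    """New BHO (O2) and Run/Startup (O4) entries: the ones to review first."""
    return sorted(e for e in diff_logs(before, after)["added"] if e[0] in sections)

# Lines excerpted from the 19 May and 8 June logs in this thread.
LOG_19_MAY = r"""
Logfile of HijackThis v1.97.7
Running processes:
C:\WINNT\Explorer.EXE
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINNT\system32\dla\tfswshx.dll
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\Program Files\Bargain Buddy\bin2\apuc.dll
O4 - HKLM\..\Run: [dla] C:\WINNT\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin2\bargains.exe
O4 - HKCU\..\Run: [PJFTBOX] C:\WINNT\VAOEQK.exe
"""
LOG_8_JUNE = r"""
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINNT\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {D0D28736-D6E6-4363-BFE8-3A05D74A8754} - C:\WINNT\dhje.dll
O4 - HKLM\..\Run: [dla] C:\WINNT\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [rehwjji] C:\WINNT\lwfqigffd.exe
O4 - HKCU\..\Run: [PJFTBOX] C:\WINNT\VAOEQK.exe
"""

if __name__ == "__main__":
    result = diff_logs(LOG_19_MAY, LOG_8_JUNE)
    for status in ("removed", "added", "kept"):
        for section, body in sorted(result[status]):
            print(f"{status:8} {section:3} {body}")
```

The diff only narrows what to review: the PJFTBOX entry is present in both logs and is still on the fix list above, so an entry being "kept" says nothing about whether it belongs there.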