Jump to content


Photo

HJT log plz help


  • Please log in to reply
7 replies to this topic

#1 Nagstaku

Nagstaku

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 01 July 2004 - 04:38 AM

I just installed XP and I went surfing for about 2 hours before i got to installing AV and performing the updates, and somehow ive gotten infected. Please check over my log and tell me what should and shouldn't be there. Im going to a lan tommorrow at 7 (PDXLAN w00t) so id be grateful if this could get resolved before then. Thanks for helping out, you guys do a good thing.

Nagstaku

#2 Rootkit

Rootkit

    Member

  • Full Member
  • Pip
  • 25 posts

Posted 01 July 2004 - 04:42 AM

Hi,Nagstaku

You could post a HJT Logfile here so they may have a.
look at it for you but please do not remove any items

http://www.spywarein.../hijackthis.zip

Some info

Download then save the file/install to a new folder called HijackThis or something similar, not your Desktop or the Temp folder, and double click on the "HijackThis" icon.
and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log somewhere, then post it here in a reply

Gday

#3 Nagstaku

Nagstaku

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 01 July 2004 - 04:47 AM

haha, i cant believe i forgot to post the log. hehe, didn't think anybody would reply this fast either. maybe i can get a reply at 3 am lol.

Logfile of HijackThis v1.98.0
Scan saved at 2:46:36 AM, on 7/1/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Nagistakee\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

O2 - BHO: ie - {2FF5573C-0EB5-43db-A1B2-C4326813468E} - c:\windows\iehr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
O4 - HKLM\..\Run: [System Service] C:\WINDOWS\System32\msrexe.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present


umm.... goodluck!

#4 Rootkit

Rootkit

    Member

  • Full Member
  • Pip
  • 25 posts

Posted 01 July 2004 - 04:53 AM

Hi,Nagstaku

Try running HJT again your Logfile looks odd make sure
you have no Explorer windows open just run HJT

Gday :bounce:

#5 Nagstaku

Nagstaku

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 01 July 2004 - 05:04 AM

is this any better?

Logfile of HijackThis v1.98.0
Scan saved at 3:03:17 AM, on 7/1/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Documents and Settings\Nagistakee\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

O2 - BHO: ie - {2FF5573C-0EB5-43db-A1B2-C4326813468E} - c:\windows\iehr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
O4 - HKLM\..\Run: [System Service] C:\WINDOWS\System32\msrexe.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

#6 Rootkit

Rootkit

    Member

  • Full Member
  • Pip
  • 25 posts

Posted 01 July 2004 - 05:20 AM

Hi,Nagstaku

Here is what i see but please hold tell someone gives you the ok
not sure if they would like me telling you what to remove

O2 - BHO: ie - {2FF5573C-0EB5-43db-A1B2-C4326813468E} - c:\windows\iehr.dll

O4 - HKLM\..\Run: [System Service] C:\WINDOWS\System32\msrexe.exe<--maybe a Virus

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

& i would also do this here

Symantec
TrendMicro
A2 Trojan Scan

Gday :bounce:

#7 Nagstaku

Nagstaku

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 01 July 2004 - 05:33 AM

Alright, i guess ill have to wait. If i cant get a reply before the lan i might try it anyways, cause i always have the option of reinstall if i dont get it working. Hope i get a reply soon, thx pplz.

#8 Nagstaku

Nagstaku

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 01 July 2004 - 05:48 AM

Im actually gonna make a new topic for the log since you weren't sure about it and i dont want anyone skipping over it because they see the reply's. Im not sure if this good for the forums.. :unsure: but i doubt its a problem.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button