Jump to content


Photo

Double Checking my log(help please)


  • Please log in to reply
1 reply to this topic

#1 eny151

eny151

    Member

  • Full Member
  • Pip
  • 33 posts

Posted 06 July 2004 - 09:09 PM

hey whats up. i just had a big spyware and adware attack. i ran spybot and ad-aware. everything seems like its gone. i just want to make sure everything is gone.
can u help me do so.

Logfile of HijackThis v1.98.0
Scan saved at 10:02:42 PM, on 7/6/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\srvany.exe
C:\winnt\system32\Shared\dllhost.exe
C:\WINNT\system32\srvany.exe
C:\WINNT\System32\svchost.exe
C:\winnt\system32\Shared\lsass.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\srvany.exe
C:\WINNT\system32\srvany.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\tlntsvr.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINNT\system32\wuauclt.exe
C:\documents and settings\administrator\local settings\temp\R.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\system32\execr.exe
C:\WINNT\system32\pg4ds32m.exe
C:\winnt\system32\dhcp\files\mdll.exe
C:\Documents and Settings\Administrator\My Documents\hijack\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapp...://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapp...://my.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\ycomp5_3_16_0.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\ycomp5_3_16_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [tsx] regedlt.exe
O4 - HKLM\..\Run: [Advanced Serial Client for Win32] asclt.exe
O4 - HKLM\..\Run: [Peer Manager] peere32.exe
O4 - HKLM\..\Run: [Windows Subsys] "C:\WINNT\system32\winload.exe" rundll32.dll,loadsubsys,loadwin32,loadsys,win32
O4 - HKLM\..\Run: [Application] C:\winnt\system32\dhcp\files\hiddenrun.exe mdll.exe
O4 - HKLM\..\Run: [R] C:\documents and settings\administrator\local settings\temp\R.exe
O4 - HKLM\..\Run: [Dsi] C:\WINNT\system32\dp-him.exe
O4 - HKLM\..\Run: [53FV3sP] athontr.exe
O4 - HKLM\..\Run: [execr] C:\WINNT\system32\execr.exe
O4 - HKLM\..\Run: [pg4ds32m] C:\WINNT\system32\pg4ds32m.exe
O4 - HKLM\..\RunServices: [tsx] regedlt.exe
O4 - HKLM\..\RunServices: [Advanced Serial Client for Win32] asclt.exe
O4 - HKLM\..\RunServices: [Peer Manager] peere32.exe
O4 - HKLM\..\RunServices: [Windows Subsys] "C:\WINNT\system32\winload.exe" rundll32.dll,loadsubsys,loadwin32,loadsys,win32
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [tsx] regedlt.exe
O4 - HKCU\..\Run: [Peer Manager] peere32.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - HKCU\..\Run: [DealHelperDown] "C:\Documents and Settings\Administrator\Local Settings\Temp\ms3.tmp"
O4 - HKCU\..\Run: [msmc] C:\WINNT\system32\msgked.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINNT\system32\ms.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINNT\system32\ms.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A052CA1D-D99E-4F92-A865-DEC016CDB00C}: NameServer = 66.114.74.40,66.114.74.195

#2 eny151

eny151

    Member

  • Full Member
  • Pip
  • 33 posts

Posted 06 July 2004 - 11:17 PM

hey i got it what i need to get rid of. help me get rid of dso exploit




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button