Help with hijack this log/ ad-ware removal


1 reply to this topic

#1 bcre8tvv

    Member

  • New Member
  • 2 posts

Posted 19 July 2004 - 01:56 AM

I have run Ad-aware 6.0 and removed some 866 objects, but each time I run it I find more.

Please help me read this log file from HijackThis.

THANKS

Logfile of HijackThis v1.98.0
Scan saved at 11:19:10 PM, on 7/18/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\windh32.exe
C:\WINDOWS\System32\BRMFRSMG.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\documents and settings\us\local settings\temp\4vfvDJaOX.exe
C:\windows\temp\38ssZ0Tko.exe
C:\WINDOWS\SYSTEM32\qttask.exe
C:\WINDOWS\System32\dec20usd.exe
C:\WINDOWS\crsl32.exe
C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\comenum.exe
C:\Program Files\ScanSoft\PaperPort\PopUp\SmartUI.exe
C:\Quickenw\Qwdlls.exe
C:\Program Files\ScanSoft\PaperPort\Pplinks.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe
C:\Documents and Settings\Us\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {49908763-5962-9342-6324-D8165D757093} - C:\WINDOWS\iesw32.dll
O4 - HKLM\..\Run: [4vfvDJaOX] C:\documents and settings\us\local settings\temp\4vfvDJaOX.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [rp7P36i] dec20usd.exe
O4 - HKLM\..\Run: [crsl32.exe] C:\WINDOWS\crsl32.exe
O4 - HKLM\..\RunOnce: [windh32.exe] C:\WINDOWS\windh32.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [aEoFRWG7U] comenum.exe
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - Global Startup: Brother SmartUI PopUp.lnk = C:\Program Files\ScanSoft\PaperPort\PopUp\SmartUI.exe
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

#2 jwbirdsong

    Slasher O' spyware

  • Emeritus
  • 2,045 posts

Posted 20 July 2004 - 07:12 AM

You'll notice I've included Spykiller in the list of things to remove... This is not an error. Spykiller is a bogus/rip-off program that can cause more grief than good. Read more about it HERE
You should uninstall it from the Control Panel > Add/Remove applet before running the fix here.

Don't run HJT from the desktop any more. Instead move HijackThis to its own, permanent folder such as c:\HJT\HijackThis.exe <-----Very important; needed to keep/maintain backups in

Press Ctrl+Alt+Del and 'end task' on any of the following that are present:
C:\WINDOWS\windh32.exe
C:\documents and settings\us\local settings\temp\4vfvDJaOX.exe
C:\windows\temp\38ssZ0Tko.exe
C:\WINDOWS\System32\dec20usd.exe
C:\WINDOWS\crsl32.exe
C:\WINDOWS\System32\comenum.exe

Put a check next to these in hijackthis:
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {49908763-5962-9342-6324-D8165D757093} - C:\WINDOWS\iesw32.dll
O4 - HKLM\..\Run: [4vfvDJaOX] C:\documents and settings\us\local settings\temp\4vfvDJaOX.exe
O4 - HKLM\..\Run: [rp7P36i] dec20usd.exe
O4 - HKLM\..\Run: [crsl32.exe] C:\WINDOWS\crsl32.exe
O4 - HKLM\..\RunOnce: [windh32.exe] C:\WINDOWS\windh32.exe
O4 - HKCU\..\Run: [aEoFRWG7U] comenum.exe
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup

THEN, WITH ALL OTHER WINDOWS CLOSED, press "Fix".

Make sure you are set to Show Hidden Files and Folders and delete the following files/folders:-
C:\Program Files\SpyKiller <----ENTIRE FOLDER!!
C:\WINDOWS\windh32.exe
C:\WINDOWS\crsl32.exe
C:\WINDOWS\System32\dec20usd.exe
C:\WINDOWS\System32\comenum.exe
C:\documents and settings\us\local settings\temp\4vfvDJaOX.exe
C:\windows\temp\38ssZ0Tko.exe
If you have a problem removing any of the above you should reboot to safe mode (instructions) and remove them from there.

Delete files/folders from the following directories (but not the directory itself; for example, delete all files/folders IN temp, but not temp itself!)
  • C:\Windows\Temp\
  • C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
  • C:\Documents and Settings\<All other users Profile>\Local Settings\Temp\
  • C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <---This will delete your internet cache--including cookies. This is recommended and strongly suggested.
  • C:\Documents and Settings\<All other users Profile>\Local Settings\Temporary Internet Files\
  • Empty your "Recycle Bin"



Then reboot and post a fresh log back to this thread.

Things you need (all FREE)
Anti-Virus (only one of these): AVG, Avast
Firewall (only one here too): Kerio (Direct Download), Zone Alarm
Misc. (use all 3 together): IE Spyads, SpywareBlaster, Spyware Guard
Windows Update (once a week): get all CRITICAL updates

Things you want (still free)
  • Mozilla Firefox
  • Google Toolbar (stops pop-ups)
  • Ad-Aware
  • Spybot S&D
  • MS MVP Hosts file

Please donate to the site to help us help you. Info found HERE

PROUD member Since 2004
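
Added example, not part of the original thread and not anyone's posted code: a small Python triage pass over a HijackThis log that flags three patterns visible in the entries selected above (processes running from a Temp directory, Run values pointing into Temp or given without a full path, and a BHO with no display name). The three heuristics and all function names are assumptions chosen for illustration; they catch only a subset of what the reply flagged (not, for instance, C:\WINDOWS\crsl32.exe or the SpyKiller entry), so they narrow an analyst's review rather than replace it.

```python
import re

# Constructed sample: a handful of lines copied from the log in post #1.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\documents and settings\us\local settings\temp\4vfvDJaOX.exe
C:\windows\temp\38ssZ0Tko.exe

O2 - BHO: (no name) - {49908763-5962-9342-6324-D8165D757093} - C:\WINDOWS\iesw32.dll
O4 - HKLM\..\Run: [4vfvDJaOX] C:\documents and settings\us\local settings\temp\4vfvDJaOX.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [rp7P36i] dec20usd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [aEoFRWG7U] comenum.exe
O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")              # "O4 - ..." style lines
O4_RUN = re.compile(r"^HK\w+\\\.\.\\\w+: \[(.+?)\] (.+)$")  # registry Run/RunOnce values
TEMP_DIR = re.compile(r"\\temp\\", re.IGNORECASE)

def triage(log_text):
    """Return (section, entry, reason) tuples for lines that deserve a closer look."""
    findings, in_processes = [], False
    for line in (raw.strip() for raw in log_text.splitlines()):
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        entry = ENTRY.match(line)
        if entry:
            in_processes = False  # the process list ends at the first coded entry
            code, body = entry.groups()
            run = O4_RUN.match(body) if code == "O4" else None
            if code == "O2" and "(no name)" in body:
                findings.append((code, body, "BHO without a display name"))
            elif run and TEMP_DIR.search(run.group(2)):
                findings.append((code, body, "autostart from a temp directory"))
            elif run and "\\" not in run.group(2):
                findings.append((code, body, "autostart without a full path"))
        elif in_processes and TEMP_DIR.search(line):
            findings.append(("process", line, "running from a temp directory"))
    return findings

if __name__ == "__main__":
    for section, entry, reason in triage(SAMPLE_LOG):
        print(f"{section:8} {reason}: {entry}")
```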
