Hijackthis Log



#1 bisou


Posted 19 May 2004 - 05:10 PM

Here is my log - I ran the HijackThis program yesterday and got this log; however, now my JavaScript pop-up windows are screwing up. They pop up but they are blank. :huh:


Here is the log.
**********************
Logfile of HijackThis v1.97.7
Scan saved at 7:06:51 PM, on 05/18/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Meal Five Dent\BatFirstEggs.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SYSTEM32\mapiicon.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\brigitte\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://pop.popuptoas...rch/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theanimal...nimalRescueSite
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://pop.popuptoas...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by @Home Network - Version 1.7
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
N1 - Netscape 4: user_pref("browser.startup.homepage", ""); (C:\Program Files\Netscape\Users\default\prefs.js)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: 2020SEARCH2 - {4E7BD74F-2B8D-469E-92C6-CE7EB590A94D} - C:\WINDOWS\2020Search2.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ADSL_A2] A2Installed
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~2\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [more rdr] C:\PROGRA~1\Meal Five Dent\BatFirstEggs.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [cpntmgc] C:\WINDOWS\navpmc\navpmc.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDHTML_1027.dll,InstantAccess
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: ADSL Diagnostic Tools.LNK = C:\WINDOWS\SYSTEM32\mapiicon.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: @Home (HKCU)
O16 - DPF: Win32 Classes -
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7964.7781365741
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft...ols/SassCln.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab

*********
Please tell me what I should fix. Thanks for your help in advance.

#2 njustice


Posted 19 May 2004 - 07:55 PM

Download CWShredder
http://www.spywarein.../cwshredder.zip
Unzip...Run it......press "Fix", follow its prompts & instructions.. press 'Next', and allow it to fix all it finds.

Please put HJT in its own permanent folder....
Click My Computer, then C:\
In the menu bar, File->New->Folder.
That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis". Now you have C:\HJT\ folder.

Run Hijack.....Check the boxes next to all these items. Then close all windows except HijackThis.
Tell HijackThis to 'Fix checked'.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://pop.popuptoas...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://pop.popuptoas...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O3 - Toolbar: 2020SEARCH2 - {4E7BD74F-2B8D-469E-92C6-CE7EB590A94D} - C:\WINDOWS\2020Search2.dll (file missing)

Did you download this? If not, remove it as well.....
O4 - HKLM\..\Run: [more rdr] C:\PROGRA~1\Meal Five Dent\BatFirstEggs.exe

O4 - HKCU\..\Run: [cpntmgc] C:\WINDOWS\navpmc\navpmc.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDHTML_1027.dll,InstantAccess
O16 - DPF: Win32 Classes -
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe


Reboot to SAFE mode (F8 on bootup)
How to start the computer in Safe mode

Show hidden files and folders-->
Show hidden files & folders


and delete the following folders marked in red.....
C:\WINDOWS\navpmc
C:\PROGRAM FILES\Meal Five Dent....if removed

reboot.....rescan....post new log....:)
Please don't ask for help on computer issues by email or Private Message (PM). Keep questions and answers in the forums....help others to learn.

Hijack This Guide --- Ad-Aware --- CWShredder --- HijackThis --- Spybot

Zone Alarm Firewall --- Spywareblaster

How to Go into Safe Mode --- Show Hidden Files --- Peper Trojan Removal Tool

Changing the Hosts File: Keep the Popup Parasites Off --- Turn Off/On Windows XP System Restore

Turn Off Unnecessary XP Services (XP with Service Pack 2) (recommend SAFE configuration)

ASAP Proud member since 2004 Alliance of Security Analysis Professionals

My sites: Pctorium | AmazingDezigns


#3 bisou


Posted 20 May 2004 - 04:42 AM

Oh, thank you so much for helping me ...I really appreciate it. :rolleyes:
Here is the new log as you requested..is it cleaned up now?

-----------------
Logfile of HijackThis v1.97.7
Scan saved at 4:40:03 AM, on 05/20/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\WINDOWS\SYSTEM32\mapiicon.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\brigitte\Desktop\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theanimal...nimalRescueSite
N1 - Netscape 4: user_pref("browser.startup.homepage", ""); (C:\Program Files\Netscape\Users\default\prefs.js)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\msgr.en-us.en-ca\msntb.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ADSL_A2] A2Installed
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~2\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: ADSL Diagnostic Tools.LNK = C:\WINDOWS\SYSTEM32\mapiicon.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7964.7781365741
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft...ols/SassCln.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
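
A way to check a rescan like the one above against the helper's fix list, as an added example that is not part of the original posts: it parses HijackThis item lines and reports flagged entries that survived the fix, fix-list entries that never appeared in the first log, and entries that show up only in the rescan. The function names are hypothetical, and the sample inputs are a few lines abridged from the two logs in this thread.

```python
import re

# A HijackThis item line looks like "<code> - <body>", e.g. "O4 - HKLM\..\Run: [...] ...".
ITEM = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

def parse_items(log_text):
    """Return the set of (section code, body) items found in a HijackThis log."""
    items = set()
    for line in log_text.splitlines():
        m = ITEM.match(line.strip())
        if m:  # header and "Running processes" lines do not match and are skipped
            items.add((m.group(1), m.group(2).strip()))
    return items

def check_rescan(before, after, fix_list):
    """Return (still_present, never_seen, new_items) for a rescan.

    still_present: flagged items that survived the fix
    never_seen:    flagged items absent from the first log (fix list copied wrongly)
    new_items:     items only in the rescan, which need a fresh look
    """
    b, a, f = parse_items(before), parse_items(after), parse_items(fix_list)
    return sorted(f & a), sorted(f - b), sorted(a - b)

# Constructed sample: a few lines abridged from the two logs in this thread.
BEFORE = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
O3 - Toolbar: 2020SEARCH2 - {4E7BD74F-2B8D-469E-92C6-CE7EB590A94D} - C:\WINDOWS\2020Search2.dll (file missing)
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [more rdr] C:\PROGRA~1\Meal Five Dent\BatFirstEggs.exe
O4 - HKCU\..\Run: [cpntmgc] C:\WINDOWS\navpmc\navpmc.exe
"""
AFTER = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\msgr.en-us.en-ca\msntb.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
"""
FIX = r"""
O3 - Toolbar: 2020SEARCH2 - {4E7BD74F-2B8D-469E-92C6-CE7EB590A94D} - C:\WINDOWS\2020Search2.dll (file missing)
O4 - HKLM\..\Run: [more rdr] C:\PROGRA~1\Meal Five Dent\BatFirstEggs.exe
O4 - HKCU\..\Run: [cpntmgc] C:\WINDOWS\navpmc\navpmc.exe
"""

if __name__ == "__main__":
    still, unknown, new = check_rescan(BEFORE, AFTER, FIX)
    print("still present:", still)
    print("not in first log:", unknown)
    print("new in rescan:", new)
```

On these excerpts none of the flagged entries survive, and the MSN Toolbar O3 line is reported as present only in the rescan.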

#4 njustice


Posted 20 May 2004 - 06:42 AM

Hello bisou, glad to help....your log is clean.

Please.....

Go to Windows Updates and get all critical updates.


If you haven't done so yet, give the link below a read and follow through on the recommendations.

Stop IE hijacking before it happens




