Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Please Help with Dr Watson

Started by tikkao , Feb 26 2005 01:26 AM

  • Please log in to reply

#1
tikkao
Posted 26 February 2005 - 01:26 AM

tikkao

    New Member

  • Member
  • Pip
  • 6 posts
Logfile of HijackThis v1.99.1
Scan saved at 2:25:13 AM, on 2/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\iees32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\winqf.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\krasimir\LOCALS~1\Temp\Rar$EX06.158\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\njuim.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\njuim.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\njuim.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\njuim.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\njuim.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\njuim.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\njuim.dll/sp.html#28129
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {88C624F7-3C5C-2537-EAC0-6CF6F7B6BD77} - C:\WINDOWS\system32\ntie.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [winqf.exe] C:\WINDOWS\system32\winqf.exe
O4 - HKLM\..\RunOnce: [iees32.exe] C:\WINDOWS\iees32.exe
O8 - Extra context menu item: Download With NetLeech - C:\Program Files\NetLeech\NLExtMenu.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.averatec.com
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NICSer_WMP11 - Unknown owner - C:\Program Files\Linksys\Wireless-B PCI Adapter\NICServ.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O23 - Service: Network Security Service (Џ 6QФх'ЄґЖР8) - Unknown owner - C:\WINDOWS\netxs.exe (file missing)

:tazz:
  • 0

Advertisements

#2
Resident_Blonde
Posted 26 February 2005 - 01:30 AM

Resident_Blonde

    Formerly known as "Crafty_Girl"

  • Member
  • PipPipPip
  • 558 posts
Good Morning Tikkao and welcome to GTG...

I just want to help out the other staff members of the HJT forums... so did you do any clean ups that are needed before placing the log?


Crafty...
  • 0

#3
tikkao
Posted 26 February 2005 - 01:32 AM

tikkao

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
yes..i ran ad-aware and spybot
  • 0

#4
Resident_Blonde
Posted 26 February 2005 - 01:33 AM

Resident_Blonde

    Formerly known as "Crafty_Girl"

  • Member
  • PipPipPip
  • 558 posts
Let me get the information that you need to do that will help out the staff... be right back...

:tazz:
  • 0

#5
Resident_Blonde
Posted 26 February 2005 - 01:36 AM

Resident_Blonde

    Formerly known as "Crafty_Girl"

  • Member
  • PipPipPip
  • 558 posts
Tikkao,

Click on this link, or paste it in your addy bar...

http://www.geekstogo...indpost&p=47776

Do all the info on there, but do not (DO NOT) delete anything on your system till a Staff Member comes to help you...


Crafty
  • 0

#6
Resident_Blonde
Posted 26 February 2005 - 01:38 AM

Resident_Blonde

    Formerly known as "Crafty_Girl"

  • Member
  • PipPipPip
  • 558 posts
Just do the clean up area... And then post a new log stated all that you done...


:tazz:
  • 0

#7
tikkao
Posted 26 February 2005 - 01:38 AM

tikkao

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
okay..i will
  • 0

#8
tikkao
Posted 26 February 2005 - 02:54 AM

tikkao

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 23


Removed Data Streams:
C:\WINDOWS\d3ue32.exe:mrjqf

Logfile of HijackThis v1.99.1
Scan saved at 3:45:08 AM, on 2/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\krasimir\LOCALS~1\Temp\Rar$EX02.860\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R3 - Default URLSearchHook is missing
O8 - Extra context menu item: Download With NetLeech - C:\Program Files\NetLeech\NLExtMenu.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.averatec.com
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NICSer_WMP11 - Unknown owner - C:\Program Files\Linksys\Wireless-B PCI Adapter\NICServ.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
  • 0

#9
Resident_Blonde
Posted 26 February 2005 - 02:58 AM

Resident_Blonde

    Formerly known as "Crafty_Girl"

  • Member
  • PipPipPip
  • 558 posts
Hi Tikkao... I have learned a few things so far about this good oleDrWatson... But I will leave it up to the Major Geeks... :tazz:

Good luck... And if by chance you feel like you have been forgotten about, just reply to this post and bring your topic back towards the top...


Crafty....
  • 0

#10
tikkao
Posted 26 February 2005 - 03:11 AM

tikkao

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
thank you! somehow i got rid of it! i don't know how it happened but i got rid of the coolwebsearch thing too which has been bothering me for weeks. :tazz: i appreciate it!
  • 0

#11
Resident_Blonde
Posted 26 February 2005 - 03:14 AM

Resident_Blonde

    Formerly known as "Crafty_Girl"

  • Member
  • PipPipPip
  • 558 posts
Well, dont walk away yet.... Let one of the staff go over a few things with you, and your log... Just to check...

And yourwelcome :tazz:
  • 0

#12
Resident_Blonde
Posted 26 February 2005 - 03:17 AM

Resident_Blonde

    Formerly known as "Crafty_Girl"

  • Member
  • PipPipPip
  • 558 posts
There is just so many places that this and other things can be hiding... I just want you to get complete help....

Just make sure to do a regular cleaning, and scanning of your programs...

I cannot and will never complain about GTG... I have not had any major issues with my system sense i have joined...

They are awesome... I just hope I learn more as I go so that I can feel the pleasures of helping people as well...

I hope you have a good day Tikkao... And take care...

Crafty :tazz:
  • 0

#13
tikkao
Posted 26 February 2005 - 03:20 AM

tikkao

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
I just did a ad-aware scanning and it didn't find anything ;)
Thank you for your help! take care... :tazz:
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP