Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Spooner-A / about-blank / HiJack

Started by Dinheru , Mar 13 2005 12:12 PM

  • Please log in to reply

#1
Dinheru
Posted 13 March 2005 - 12:12 PM

Dinheru

    New Member

  • Member
  • Pip
  • 8 posts
I've read some instructions in an other topic: I followed all steps and my HJT-log is alot cleaner now:


Logfile of HijackThis v1.99.1
Scan saved at 19:06:38, on 13-3-2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\glimx32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Documents and Settings\Dinheru\Bureaublad\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O2 - BHO: (no name) - {46CE6A51-7A93-4E95-8EAB-220EB3158913} - C:\WINDOWS\System32\pmoc.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [WINDOWSglimx32] C:\WINDOWS\glimx32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1110623204909
O17 - HKLM\System\CCS\Services\Tcpip\..\{65AE941C-3DBA-47EC-A414-7DFBA4B11055}: NameServer = 62.58.50.5,62.58.50.6
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe


Are here still problems which are bothering my pc?
  • 0

Advertisements

#2
Dinheru
Posted 13 March 2005 - 12:14 PM

Dinheru

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Spysweeper still finds:
CWS-AboutBlank

(sorry don't know how to edit the message)
  • 0

#3
don77
Posted 13 March 2005 - 12:21 PM

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Hi Dinheru and welcome

We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here: http://www.microsoft...p1/default.mspx
Apply the update, reboot, and post a fresh Hijack This log.
  • 0

#4
Dinheru
Posted 13 March 2005 - 12:50 PM

Dinheru

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hmm just found out my key is Illegal. Just got this pc yesterday morning, Probably an illegal windows key. Going to get a new one. Maybe I post tonight, else tomorrow
  • 0

#5
don77
Posted 13 March 2005 - 12:56 PM

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Sounds good post back when you get it sorted out, Venturing out on the net without proper patches in place will leave you wide open to reinfection,

We will just be wasting our time getting you cleanup within 10 minutes back out on the net you will have the same problems, Go and have a talk with the person who sold you the computer.


Good luck,

Don
  • 0

#6
Dinheru
Posted 13 March 2005 - 02:33 PM

Dinheru

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
okay I got another windows cd
since my hd's are running at Raid0 I formatted the pc completely
it is a windows xp home edition but SP1 is running

here is my current HJT-log. I think it's okay now isn't it?

Logfile of HijackThis v1.99.1
Scan saved at 21:29:04, on 13-3-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wpabaln.exe
C:\Documents and Settings\Dinheru\Bureaublad\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A21A53A-2024-4C90-BA40-CD5967E5D2BB}: NameServer = 62.58.50.5,62.58.50.6
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
  • 0

#7
don77
Posted 14 March 2005 - 06:11 AM

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Please restart HJT put a check next to the following, close all open windows and click “Fix Checked”
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

Reboot your computer,

You need to get an Anti Virus program on your machine,
Have a look Here

Go ahead and do steps 1 and 2, Step 2 has a free Anti Virus program you can use,
Step 1 you should download Ad-aware and Spybot,

And some further suggestions to help prevent getting reinfected,

Download the following program, For keeping crap off your system to begin with
Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests. Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox. Restrict the actions of potentially dangerous sites in Internet Explorer.
Download Spyware Blaster

Keep Ad-aware and Spybot handy, Check them for updates prior to running and run them weekly
Same with your Anti Virus,

For an added check run an online virus scan, you can use one of the 2 below,
TrendMicro's HouseCall
ActiveScan

Be sure and give the Temp folders a cleaning out now and then as well, Make sure after you clean your Temp files to empty out your Recycle bin as well.
For ease use the following program
Download and install Cleanup
Run "Cleanup" and when it has finished, Reboot

Remeber to Check Windows for updates

Probably a good time to create a new restore point See Here Name it clean or something like that,
  • 0

#8
Dinheru
Posted 14 March 2005 - 09:16 AM

Dinheru

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
hmm I got another HJT after my windows update:


Logfile of HijackThis v1.99.1
Scan saved at 16:09:09, on 14-3-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\glimx32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Dinheru\Bureaublad\Mappen\Programma's\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WINDOWSglimx32] C:\WINDOWS\glimx32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A21A53A-2024-4C90-BA40-CD5967E5D2BB}: NameServer = 62.58.50.5,62.58.50.6
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe

those O9 are windows messenger aren't they?
  • 0

#9
don77
Posted 14 March 2005 - 06:00 PM

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Yes the 09 are for messenger, Those are fine

I would like some info on the following if you don't mind
Please search for the following file please
C:\WINDOWS\GLIMX32.EXE
Right click on left click properties--version
What info can you find on them including date created

Also,
Please click on this
Link
Click the Browse button
Search for the following "C:\WINDOWS\GLIMX32.EXE "
Next click the Submit button ( It will take a minute or 2 ) Scroll down the page abit and copy and paste back the results it comes back with please

Edited by don77, 14 March 2005 - 06:01 PM.

  • 0

#10
Dinheru
Posted 15 March 2005 - 02:14 AM

Dinheru

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
hmm this looks not good:
Created: Monday 4 Oktober 2004
Edited: Monday 4 Oktober 2004
Last Opened: 2 minutes ago


The online scan:

File: glimx32.exe
Status:
MIGHT BE INFECTED/MALWARE (Sandbox emulation took a long time and/or runtime packers were found, this is suspicious. Normally programs aren't packed and don't force the sandbox into lengthy emulation. Do realize no scanner issued any warning, the file can very well be harmless. Caution is advised, however.)
Packers detected:
-

AntiVir
No viruses found (0.41 seconds taken)
Avast
No viruses found (1.51 seconds taken)
AVG Antivirus
No viruses found (0.53 seconds taken)
BitDefender
No viruses found (0.85 seconds taken)
ClamAV
No viruses found (0.61 seconds taken)
Dr.Web
No viruses found (0.91 seconds taken)
F-Prot Antivirus
No viruses found (0.09 seconds taken)
Fortinet
No viruses found (0.46 seconds taken)
Kaspersky Anti-Virus
No viruses found (1.00 seconds taken)
mks_vir
No viruses found (0.25 seconds taken)
NOD32
No viruses found (0.49 seconds taken)
Norman Virus Control
No viruses found (0.84 seconds taken)

Statistics
  • 0

#11
don77
Posted 15 March 2005 - 05:46 AM

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Could you search for the file and give us the properties please,
Sure looks like a bad one just want to be sure,

Check your pm please

Thanks
Don
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP