spyware.......hijack report after panda and adware



#1
diverseo

I have followed the steps in the malware forum and cleaned up the PC, but according to Panda the PC is still infected. Here is the HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 4:27:08 PM, on 11/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Gigabyte\Gigabyte GN-WPKG Wireless PCI Adapter SoftAP\Installer\WINXP\RaConfig2500.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\vanessa pc\My Documents\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: GN-WPKG Utility.lnk = C:\Program Files\Gigabyte\Gigabyte GN-WPKG Wireless PCI Adapter SoftAP\Installer\WINXP\RaConfig2500.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{07BD5AB5-FBC0-49FC-B27C-72E0E6058398}: NameServer = 192.168.0.200
O17 - HKLM\System\CCS\Services\Tcpip\..\{E8CB41E4-5B6A-444F-8021-DE833EBF05B1}: NameServer = 192.168.2.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{07BD5AB5-FBC0-49FC-B27C-72E0E6058398}: NameServer = 192.168.0.200
O17 - HKLM\System\CS2\Services\Tcpip\..\{07BD5AB5-FBC0-49FC-B27C-72E0E6058398}: NameServer = 192.168.0.200
O17 - HKLM\System\CS3\Services\Tcpip\..\{07BD5AB5-FBC0-49FC-B27C-72E0E6058398}: NameServer = 192.168.0.200
O20 - AppInit_DLLs: e1.dll deskmcd3.dll confaud.dll audstat.dll confbrw.dll brwstat.dll
O20 - Winlogon Notify: audmgr - audmgr32.dll (file missing)
O20 - Winlogon Notify: brwmgr - brwmgr32.dll (file missing)
O20 - Winlogon Notify: dsseds32 - C:\WINDOWS\system32\dsseds32.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

:whistling:

#2
diverseo

I have tried to install AVG virus protection, but it comes up with an error and won't install. I also tried to install NOD32, but it also does not want to install.

#3
diverseo

Tried the AVG installation again and it almost installs, then seems to uninstall itself and gives this error:
Local machine: installation failed
Installation:
Error: Action failed for file avgupsvc.exe: starting service....
The service did not respond to the start or control request in a timely fashion. (1053)

Please help. I did another Panda scan and it came up with 4 viruses and 11 spyware.
Where do I go from here? Desperate.

#4
Daemon

Download The Avenger by Swandog46, and save it to your Desktop. Extract avenger.exe from the Zip file and save it to your desktop.

Run avenger.exe by double-clicking on it.
Check the 'Input script manually' box.
Click on the magnifying glass icon.
Copy everything in the code box below (don't copy the word "CODE" in the box header, just the box contents starting at "Files to delete") and paste it in the box that opens:

WARNING: This script is not a general fix. If you are not this user, running this script could damage your system

Files to delete:
C:\WINDOWS\system32\audmgr32.dll
C:\WINDOWS\system32\audperf.exe
C:\WINDOWS\system32\audprf32.dll
C:\WINDOWS\system32\audstat.dll
C:\WINDOWS\system32\confaud.dll 
C:\Windows\msupdtwiz.dat 
C:\Windows\msupdtwiz.exe 
C:\Windows\msupdtwiz.wax 
C:\WINDOWS\system32\e1.dll
C:\WINDOWS\system32\deskmcd3.dll
C:\WINDOWS\system32\confbrw.dll 
C:\WINDOWS\system32\brwstat.dll

Registry values to replace with dummy:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

Now click the 'Done' button.
Click on the traffic light icon and OK the prompt.
You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it manually.

Please post a new HijackThis log and the log file from Avenger at C:\avenger.txt

#5
diverseo

shot...

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\cmmmmcuu

*******************

Script file located at: xfddpkvl

Could not open script file! Error

Could not open script file! Status: 0xc000003b Abort!


Logfile of HijackThis v1.99.1
Scan saved at 4:45:49 PM, on 11/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Gigabyte\Gigabyte GN-WPKG Wireless PCI Adapter SoftAP\Installer\WINXP\RaConfig2500.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\vanessa pc\My Documents\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: GN-WPKG Utility.lnk = C:\Program Files\Gigabyte\Gigabyte GN-WPKG Wireless PCI Adapter SoftAP\Installer\WINXP\RaConfig2500.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{07BD5AB5-FBC0-49FC-B27C-72E0E6058398}: NameServer = 192.168.0.200
O17 - HKLM\System\CCS\Services\Tcpip\..\{E8CB41E4-5B6A-444F-8021-DE833EBF05B1}: NameServer = 192.168.2.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{07BD5AB5-FBC0-49FC-B27C-72E0E6058398}: NameServer = 192.168.0.200
O17 - HKLM\System\CS2\Services\Tcpip\..\{07BD5AB5-FBC0-49FC-B27C-72E0E6058398}: NameServer = 192.168.0.200
O17 - HKLM\System\CS3\Services\Tcpip\..\{07BD5AB5-FBC0-49FC-B27C-72E0E6058398}: NameServer = 192.168.0.200
O20 - AppInit_DLLs: e1.dll deskmcd3.dll confaud.dll audstat.dll confbrw.dll brwstat.dll
O20 - Winlogon Notify: audmgr - audmgr32.dll (file missing)
O20 - Winlogon Notify: brwmgr - brwmgr32.dll (file missing)
O20 - Winlogon Notify: dsseds32 - C:\WINDOWS\system32\dsseds32.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

#6
Daemon

Hmmm... fix these entries with HJT, reboot and post a new log:

O20 - AppInit_DLLs: e1.dll deskmcd3.dll confaud.dll audstat.dll confbrw.dll brwstat.dll
O20 - Winlogon Notify: audmgr - audmgr32.dll (file missing)
O20 - Winlogon Notify: brwmgr - brwmgr32.dll (file missing)
O20 - Winlogon Notify: dsseds32 - C:\WINDOWS\system32\dsseds32.dll (file missing)


#7
diverseo

latest log

Logfile of HijackThis v1.99.1
Scan saved at 5:37:20 PM, on 11/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Gigabyte\Gigabyte GN-WPKG Wireless PCI Adapter SoftAP\Installer\WINXP\RaConfig2500.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\vanessa pc\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: GN-WPKG Utility.lnk = C:\Program Files\Gigabyte\Gigabyte GN-WPKG Wireless PCI Adapter SoftAP\Installer\WINXP\RaConfig2500.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{07BD5AB5-FBC0-49FC-B27C-72E0E6058398}: NameServer = 192.168.0.200
O17 - HKLM\System\CCS\Services\Tcpip\..\{E8CB41E4-5B6A-444F-8021-DE833EBF05B1}: NameServer = 192.168.2.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{07BD5AB5-FBC0-49FC-B27C-72E0E6058398}: NameServer = 192.168.0.200
O17 - HKLM\System\CS2\Services\Tcpip\..\{07BD5AB5-FBC0-49FC-B27C-72E0E6058398}: NameServer = 192.168.0.200
O17 - HKLM\System\CS3\Services\Tcpip\..\{07BD5AB5-FBC0-49FC-B27C-72E0E6058398}: NameServer = 192.168.0.200
O20 - AppInit_DLLs: e1.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

#8
Daemon

Download SUPERAntiSpyware Home Edition (free version).
  • Install it and double-click the icon on your desktop to run it.
  • It will ask if you want to update the program definitions, click Yes.
  • Under Configuration and Preferences, click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked:
    • Close browsers before scanning
    • Scan for tracking cookies
    • Terminate memory threats before quarantining.
    • Please leave the others unchecked.
    • Click the Close button to leave the control center screen.
  • On the main screen, under Scan for Harmful Software click Scan your computer.
  • On the left check C:\Fixed Drive.
  • On the right, under Complete Scan, choose Perform Complete Scan.
  • Click Next to start the scan. Please be patient while it scans your computer.
  • After the scan is complete a summary box will appear. Click OK.
  • Make sure everything in the white box has a check next to it, then click Next.
  • It will quarantine what it found and if it asks if you want to reboot, click Yes.
  • To retrieve the removal information for me please do the following:
    • After reboot, double-click the SUPERAntispyware icon on your desktop.
    • Click Preferences. Click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • It will open in your default text editor (such as Notepad/Wordpad).
    • Please highlight everything in the notepad, then right-click and choose copy.
  • Click close and close again to exit the program.
  • Please paste that information here for me with a new HijackThis log.


#9
diverseo

here goes thanx so far...........

SUPERAntiSpyware Scan Log
Generated 11/26/2006 at 08:05 PM

Application Version : 3.3.1020

Core Rules Database Version : 3107
Trace Rules Database Version: 1133

Scan type : Complete Scan
Total Scan Time : 01:05:58

Memory items scanned : 270
Memory threats detected : 1
Registry items scanned : 3834
Registry threats detected : 0
File items scanned : 19494
File threats detected : 35

Worm.Spam-Strato
C:\WINDOWS\SYSTEM32\E1.DLL
C:\WINDOWS\SYSTEM32\E1.DLL
C:\WINDOWS\msserrv32.dat
C:\WINDOWS\msserv32.dat
C:\WINDOWS\mswiizz32.dat
C:\WINDOWS\mswiz32.dat

Adware.Tracking Cookie


Logfile of HijackThis v1.99.1
Scan saved at 8:24:11 PM, on 11/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Gigabyte\Gigabyte GN-WPKG Wireless PCI Adapter SoftAP\Installer\WINXP\RaConfig2500.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\vanessa pc\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: GN-WPKG Utility.lnk = C:\Program Files\Gigabyte\Gigabyte GN-WPKG Wireless PCI Adapter SoftAP\Installer\WINXP\RaConfig2500.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{07BD5AB5-FBC0-49FC-B27C-72E0E6058398}: NameServer = 192.168.0.200
O17 - HKLM\System\CCS\Services\Tcpip\..\{E8CB41E4-5B6A-444F-8021-DE833EBF05B1}: NameServer = 192.168.2.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{07BD5AB5-FBC0-49FC-B27C-72E0E6058398}: NameServer = 192.168.0.200
O17 - HKLM\System\CS2\Services\Tcpip\..\{07BD5AB5-FBC0-49FC-B27C-72E0E6058398}: NameServer = 192.168.0.200
O17 - HKLM\System\CS3\Services\Tcpip\..\{07BD5AB5-FBC0-49FC-B27C-72E0E6058398}: NameServer = 192.168.0.200
O20 - AppInit_DLLs: e1.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

#10
Daemon

You are running HijackThis from the Desktop; please create a new folder for it and move the program into the new folder.

Make sure that you have no browser windows open, as this could prevent the fix from working properly. Open HijackThis, scan and, when complete, remove the following entries by checking the box to the left and clicking 'Fix checked':

O20 - AppInit_DLLs: e1.dll

Exit HijackThis when done. Reboot, rescan with HijackThis and post a new log here.

Edited by Daemon, 26 November 2006 - 01:02 PM.


#11
diverseo

put hijack in folder and did as said

Logfile of HijackThis v1.99.1
Scan saved at 9:31:31 PM, on 11/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Gigabyte\Gigabyte GN-WPKG Wireless PCI Adapter SoftAP\Installer\WINXP\RaConfig2500.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\vanessa pc\My Documents\hijack\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: GN-WPKG Utility.lnk = C:\Program Files\Gigabyte\Gigabyte GN-WPKG Wireless PCI Adapter SoftAP\Installer\WINXP\RaConfig2500.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{07BD5AB5-FBC0-49FC-B27C-72E0E6058398}: NameServer = 192.168.0.200
O17 - HKLM\System\CCS\Services\Tcpip\..\{E8CB41E4-5B6A-444F-8021-DE833EBF05B1}: NameServer = 192.168.2.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{07BD5AB5-FBC0-49FC-B27C-72E0E6058398}: NameServer = 192.168.0.200
O17 - HKLM\System\CS2\Services\Tcpip\..\{07BD5AB5-FBC0-49FC-B27C-72E0E6058398}: NameServer = 192.168.0.200
O17 - HKLM\System\CS3\Services\Tcpip\..\{07BD5AB5-FBC0-49FC-B27C-72E0E6058398}: NameServer = 192.168.0.200
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

#12
Daemon

Looks better - how is it running now?

#13
diverseo

well Daemon Master, AVG loaded and am doing a scan...........shot ....does this mean it is sorted.

#14
Daemon

Possibly - let me know what AVG finds.

#15
diverseo

well done bud, AVG came back clean, thanx for your help, all the best :whistling:
  • 0
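
Added example (not part of the original thread and not code from HijackThis or any tool named above): a Python script that pulls the O20 entries (AppInit_DLLs and Winlogon Notify) out of HijackThis logs and diffs them between scans, which is the comparison made by eye across the logs in this thread. The function names are hypothetical; the sample lines are copied from the logs posted above.

```python
import re

# O20-related lines copied from three HijackThis logs in this thread:
# the first log, the log after the first HJT fix, and the final log.
LOG_FIRST = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O20 - AppInit_DLLs: e1.dll deskmcd3.dll confaud.dll audstat.dll confbrw.dll brwstat.dll
O20 - Winlogon Notify: audmgr - audmgr32.dll (file missing)
O20 - Winlogon Notify: brwmgr - brwmgr32.dll (file missing)
O20 - Winlogon Notify: dsseds32 - C:\WINDOWS\system32\dsseds32.dll (file missing)
"""
LOG_AFTER_FIX = r"""
O20 - AppInit_DLLs: e1.dll
"""
LOG_FINAL = r"""
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
"""

APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs:\s*(.*)$")
NOTIFY_RE = re.compile(
    r"^O20 - Winlogon Notify:\s*(\S+) - (.+?)(\s+\(file missing\))?$"
)


def parse_o20(log_text):
    """Return the AppInit_DLLs names and Winlogon Notify entries in a log."""
    appinit, notify = set(), {}
    for line in log_text.splitlines():
        line = line.strip()
        m = APPINIT_RE.match(line)
        if m:
            # The registry value is a space- or comma-separated DLL list.
            # Assumption: bare file names as in this thread (no spaces in paths).
            names = re.split(r"[ ,]+", m.group(1))
            appinit.update(n.lower() for n in names if n)
            continue
        m = NOTIFY_RE.match(line)
        if m:
            # name -> (dll path, True if HijackThis reported the file missing)
            notify[m.group(1)] = (m.group(2), bool(m.group(3)))
    return {"appinit": appinit, "notify": notify}


def diff_o20(before, after):
    """Summarise what changed in the O20 entries between two parsed logs."""
    return {
        "appinit_removed": sorted(before["appinit"] - after["appinit"]),
        "appinit_remaining": sorted(after["appinit"]),
        "notify_removed": sorted(set(before["notify"]) - set(after["notify"])),
        "notify_added": sorted(set(after["notify"]) - set(before["notify"])),
        # Notify keys still registered although their DLL is gone from disk.
        "notify_orphaned": sorted(
            name for name, (_, missing) in after["notify"].items() if missing
        ),
    }


if __name__ == "__main__":
    scans = [parse_o20(t) for t in (LOG_FIRST, LOG_AFTER_FIX, LOG_FINAL)]
    for step, (before, after) in enumerate(zip(scans, scans[1:]), start=1):
        print(f"--- change {step} ---")
        for key, value in diff_o20(before, after).items():
            print(f"{key}: {value}")
```

Any name left in `appinit_remaining` after a fix is still being loaded into every process that links user32.dll, so it is the first thing to check in the next log.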





