Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Hijackthis LOG

Started by Boomer_2008 , Apr 02 2005 01:30 AM

This topic is locked

#1
Boomer_2008

Posted 02 April 2005 - 01:30 AM

Member

Member
22 posts

Hey i get BAd pop ups and i'm Really tired of it will you help me out plzzz

Logfile of HijackThis v1.99.1
Scan saved at 1:29:02 AM, on 4/2/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\igvrgo.exe
C:\WINDOWS\soundman.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\VBouncer\VirtualBouncer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\ezula\mmod.exe
C:\PROGRA~1\Web Offer\wo.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\system32\InitialServ.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\MTE1Mzc6ODoxMg.exe
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.valornet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll (file missing)
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\elitemoj32.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Tasmgr Starup] tasmgr.exe
O4 - HKLM\..\Run: [systemin] C:\WINDOWS\System32\microsoft\Norton Anti Viros.exe
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [Registry System16 Checkup Monitor] SystemReg16.exe
O4 - HKLM\..\Run: [protectx Personal Firewall] protectx.exe
O4 - HKLM\..\Run: [MsWindows SysDate] sysmsvc.exe
O4 - HKLM\..\Run: [Microsoftvirus] sysoverload.exe
O4 - HKLM\..\Run: [Microsoft Windows Update] svmhost.exe
O4 - HKLM\..\Run: [m4n70s Personal Firewall] m4n70s.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\RunServices: [Windows Registry Scan] lsass34.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update] svmhost.exe
O4 - HKLM\..\RunServices: [Registry System16 Checkup Monitor] SystemReg16.exe
O4 - HKLM\..\RunServices: [MsWindows Syspg] mspg32.exe
O4 - HKLM\..\RunServices: [Win32 DRK Driver] wdrk32.exe
O4 - HKLM\..\RunServices: [MsWindows SysDate] sysmsvc.exe
O4 - HKLM\..\RunServices: [m4n70s Personal Firewall] m4n70s.exe
O4 - HKLM\..\RunServices: [Microsoftvirus] sysoverload.exe
O4 - HKLM\..\RunServices: [Windows media service] crsss.exe
O4 - HKLM\..\RunServices: [protectx Personal Firewall] protectx.exe
O4 - HKLM\..\RunServices: [Tasmgr Starup] tasmgr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O4 - Startup: AdDestroyer.lnk = C:\Program Files\AdDestroyer\AdDestroyer.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\winlspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\winlspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\winlspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\winlspak.dll
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1108873278830
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensave.../sinstaller.cab
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll
O20 - Winlogon Notify: Controls Folder - C:\WINDOWS\system32\lvlo0933e.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\System32\angelex.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: System ID Service (System) - Unknown owner - c:\windows\system32\InitialServ.exe
O23 - Service: Win32 DRK Driver - Unknown owner - C:\WINDOWS\System32\wdrk32.exe" -netsvcs (file missing)

THANXX...

#2
sooners_ou2008

Posted 02 April 2005 - 01:56 AM

Member

Member
57 posts

Help......................................................................................

#3
Boomer_2008

Posted 02 April 2005 - 01:35 PM

Member

Topic Starter
Member
22 posts

Please help badly need here

#4
Boomer_2008

Posted 02 April 2005 - 03:41 PM

Member

Topic Starter
Member
22 posts

HEPL!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! i need help really bad i'm on a DEAD line

#5
Boomer_2008

Posted 03 April 2005 - 04:44 PM

Member

Topic Starter
Member
22 posts

Help

#6
Boomer_2008

Posted 05 April 2005 - 07:58 PM

Member

Topic Starter
Member
22 posts

COME on AHHHHHHHHHHHHHH REply BACK

#7
Boomer_2008

Posted 10 April 2005 - 06:27 PM

Member

Topic Starter
Member
22 posts

hey i'm pretty sure there is many problems in this log and i'm pretty Sure yall are busy but can u please take alittle bit to help my with my problem...Please

Logfile of HijackThis v1.99.1
Scan saved at 7:19:22 PM, on 4/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\igvrgo.exe
C:\WINDOWS\soundman.exe
C:\WINDOWS\System32\winsN2S.exe
C:\PROGRA~1\Web Offer\wo.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\system32\InitialServ.exe
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.valornet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll (file missing)
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\elitemoj32.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Tasmgr Starup] tasmgr.exe
O4 - HKLM\..\Run: [systemin] C:\WINDOWS\System32\microsoft\Norton Anti Viros.exe
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [Registry System16 Checkup Monitor] SystemReg16.exe
O4 - HKLM\..\Run: [protectx Personal Firewall] protectx.exe
O4 - HKLM\..\Run: [MsWindows SysDate] sysmsvc.exe
O4 - HKLM\..\Run: [Microsoftvirus] sysoverload.exe
O4 - HKLM\..\Run: [Microsoft Windows Update] svmhost.exe
O4 - HKLM\..\Run: [m4n70s Personal Firewall] m4n70s.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [nsvcin] C:\WINDOWS\system32\n20050308.exe
O4 - HKLM\..\Run: [Windows NetStart Service] winsN2S.exe
O4 - HKLM\..\RunServices: [Windows Registry Scan] lsass34.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update] svmhost.exe
O4 - HKLM\..\RunServices: [Registry System16 Checkup Monitor] SystemReg16.exe
O4 - HKLM\..\RunServices: [MsWindows Syspg] mspg32.exe
O4 - HKLM\..\RunServices: [Win32 DRK Driver] wdrk32.exe
O4 - HKLM\..\RunServices: [MsWindows SysDate] sysmsvc.exe
O4 - HKLM\..\RunServices: [m4n70s Personal Firewall] m4n70s.exe
O4 - HKLM\..\RunServices: [Microsoftvirus] sysoverload.exe
O4 - HKLM\..\RunServices: [Windows media service] crsss.exe
O4 - HKLM\..\RunServices: [protectx Personal Firewall] protectx.exe
O4 - HKLM\..\RunServices: [Tasmgr Starup] tasmgr.exe
O4 - HKLM\..\RunServices: [Windows NetStart Service] winsN2S.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O4 - HKCU\..\Run: [Windows NetStart Service] winsN2S.exe
O4 - HKCU\..\RunServices: [Windows NetStart Service] winsN2S.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\winlspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\winlspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\winlspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\winlspak.dll
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comne...iveSekurity.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1108873278830
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensave.../sinstaller.cab
O20 - Winlogon Notify: Explorer - C:\WINDOWS\system32\aza4l1lq1.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\System32\angelex.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: System ID Service (System) - Unknown owner - c:\windows\system32\InitialServ.exe
O23 - Service: Win32 DRK Driver - Unknown owner - C:\WINDOWS\System32\wdrk32.exe" -netsvcs (file missing)

Thank you please help me with this get back to me ASAP

#8
g2i2r4

Posted 14 April 2005 - 03:36 AM

retired HiJack Helper

Retired Staff
5,080 posts

Hi Boomer_2008,

Sorry for the delay, the forums are very busy.

You have a fine collection of infections.

Let's first try to cleanup using some helpers.

***

Please do an online scan, 2 would be better,

Trend Micro Housecall
Panda online scan

Make sure that you choose "fix" or "clean".
Reboot your computer after finishing a scan and move on to the next.

***

Download
AdAware SE 1.05.

Also download Spybot-Search & Destroy from the following link:
http://www.majorgeek...wnload2471.html

For Adaware: Search for and download all updates, then scan. Check everything that is founds, then hit "Remove." When a warning box comes up, hit Yes. Reboot your PC.

For Spybot-Search and Destroy: Search for and download all updates, then scan. Fix everything that is in RED. Then reboot your PC.

***

Then, open HijackThis.
Go to ‘config’
Go to ‘misc tools’
Press the button ‘open uninstall manager’
Press the button 'save list'
Save it and post the content here in your answer. Also post a fresh log using HijackThis.

No reply was posted for more than two weeks.

This topic is now closed. If you are the topicowner and still need assistance, please send me a PM.

Edited by g2i2r4, 01 May 2005 - 11:06 AM.