Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

My Hijack Log

Started by HELP!! , Apr 27 2005 10:13 PM

  • This topic is locked This topic is locked

#31
HELP!!
Posted 02 May 2005 - 04:52 PM

HELP!!

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
Okay


Incident Status Location

Adware:Adware/PortalScan No disinfected C:\WINDOWS\System32\winupdt.008
Adware:Adware/BookedSpace No disinfected Windows Registry
Adware:Adware/AlwaysupdatednewsNo disinfected C:\WINDOWS\System32\Free Cell Phone.ico
Adware:Adware/BlueScreenWarningNo disinfected C:\wp.bmp
Adware:Adware/Hotoffers No disinfected C:\!Submit\param32.dll
Adware:Adware/Transponder No disinfected C:\Documents and Settings\vargas\Local Settings\Temporary Internet Files\Content.IE5\C3AN8BIX\svcproc[1].exe
Adware:Adware/EliteBar No disinfected C:\EliteToolBar version 60.dll
Adware:Adware/ClkOptimizer No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\8904C328-450B-4EBA-B5FB-C24EC8\1E80E43B-5A8E-4AC2-AB62-8A8B64
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\Downloaded Program Files\setup4002b.ini
Adware:Adware/AlwaysupdatednewsNo disinfected C:\WINDOWS\system32\Free Cell Phone.ico
Adware:Adware/AlwaysupdatednewsNo disinfected C:\WINDOWS\system32\Free LapTop Computer.ico
Adware:Adware/AlwaysupdatednewsNo disinfected C:\WINDOWS\system32\Free Ringtones!.ico
Adware:Adware/AlwaysupdatednewsNo disinfected C:\WINDOWS\system32\Free Sony Playstation.ico
Adware:Adware/AlwaysupdatednewsNo disinfected C:\WINDOWS\system32\Free U2 iPod.ico
Adware:Adware/AlwaysupdatednewsNo disinfected C:\WINDOWS\system32\NBA Giveaway.ico
Adware:Adware/PortalScan No disinfected C:\WINDOWS\system32\winupdt.008
Adware:Adware/BlueScreenWarningNo disinfected C:\wp.bmp

Logfile of HijackThis v1.99.1
Scan saved at 5:49:36 PM, on 5/2/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Documents and Settings\vargas\Desktop\hijackthis\HijackThis.exe

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Microsoft AntiSpyware helper - {10C2015A-F1C9-4C70-9715-3BAC926D6C56} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {10C2015A-F1C9-4C70-9715-3BAC926D6C56} - (no file) (HKCU)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...474/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F626A38-B7A3-45A8-B3E5-48902C231497}: NameServer = 206.141.192.60 206.141.193.55
O17 - HKLM\System\CS1\Services\Tcpip\..\{0F626A38-B7A3-45A8-B3E5-48902C231497}: NameServer = 206.141.192.60 206.141.193.55
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
  • 0

Advertisements

#32
Kat
Posted 02 May 2005 - 06:48 PM

Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
Copy EVERYTHING in the code box below and paste it into notepad. Change the "Save As Type" to "All Files" and save it as fix.reg on your desktop. Make sure there is NO blank line above "REGEDIT4":

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}]

[-HKEY_CLASSES_ROOT\CLSID\{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}]
Double-click fix.reg on your desktop. When asked if you want to merge with the registry click YES

*Double-click on Killbox.exe to start the program.
*In the killbox program, select the Delete on Reboot option.
*In the field labeled Full Path of File to Delete enter the file path listed below (EXACTLY as it appears, please double check to make sure! I would just copy the file path and paste it in the field):

C:\WINDOWS\System32\winupdt.008
C:\WINDOWS\System32\Free Cell Phone.ico
C:\wp.bmp
C:\!Submit\param32.dll
C:\Documents and Settings\vargas\Local Settings\Temporary Internet Files\Content.IE5\C3AN8BIX\svcproc[1].exe
C:\EliteToolBar version 60.dll
C:\Program Files\Microsoft AntiSpyware\Quarantine\8904C328-450B-4EBA-B5FB-C24EC8\1E80E43B-5A8E-4AC2-AB62-8A8B64
C:\WINDOWS\Downloaded Program Files\setup4002b.ini
C:\WINDOWS\system32\Free Cell Phone.ico
C:\WINDOWS\system32\Free LapTop Computer.ico
C:\WINDOWS\system32\Free Ringtones!.ico
C:\WINDOWS\system32\Free Sony Playstation.ico
C:\WINDOWS\system32\Free U2 iPod.ico
C:\WINDOWS\system32\NBA Giveaway.ico
C:\WINDOWS\system32\winupdt.008
C:\wp.bmp
Press the button that looks like a red circle with a white X in ite. When it asks if you would like to delete on reboot, press the YES button, when it asks if you want to reboot now, press the YES button. Click NO to any "PendingRenameOperation" prompt. If your computer does not automatically restart, please restart it manually.

Now, open HJT and scan for a log. Place a check next to ONLY the following entries (if they still appear)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O9 - Extra button: Microsoft AntiSpyware helper - {10C2015A-F1C9-4C70-9715-3BAC926D6C56} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {10C2015A-F1C9-4C70-9715-3BAC926D6C56} - (no file) (HKCU)

Make sure all other programs are closed, and click the "Fix" button. Then reply here with a fresh HJT log, and let me know how it's running now!
  • 0

#33
HELP!!
Posted 02 May 2005 - 07:42 PM

HELP!!

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
It's doing great! I think we are done right? Well thank you for your help, I really aprecciate it. Without you I wouldn't have fix it so thanks a lot!
  • 0

#34
Kat
Posted 02 May 2005 - 07:59 PM

Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
:tazz: Yes, we should have gotten it all now. If you want, you can post a last HJT log for me to check. Otherwise, I'm glad things are running well now! ;)
  • 0

#35
HELP!!
Posted 02 May 2005 - 09:01 PM

HELP!!

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
that's okay. but my friend has a problem, she has a cd stuck inside the hard drive and it doesn't want to open b/c she was going to burn a cd, I know this doesn't belong in here, but I need help.
  • 0

#36
Kat
Posted 02 May 2005 - 09:05 PM

Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
you'll need to post that question in the proper forum area, I would suggest the Hardware section. The guys there will be able to help with that.

Congratulations! :tazz: Your log is clean! ;)
Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:

Prevention Programs:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
Other necessary Programs: [list]
[*]AntiVirus Program<= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kapersky, this is a must have.

This thread is being closed as the topic has been resolved. If you need help in the future, please feel free to start a new thread.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP