My Hijack Log



#31
HELP!!

  • Topic Starter
  • Member
  • 46 posts
Okay


Incident | Status | Location

Adware:Adware/PortalScan | No disinfected | C:\WINDOWS\System32\winupdt.008
Adware:Adware/BookedSpace | No disinfected | Windows Registry
Adware:Adware/Alwaysupdatednews | No disinfected | C:\WINDOWS\System32\Free Cell Phone.ico
Adware:Adware/BlueScreenWarning | No disinfected | C:\wp.bmp
Adware:Adware/Hotoffers | No disinfected | C:\!Submit\param32.dll
Adware:Adware/Transponder | No disinfected | C:\Documents and Settings\vargas\Local Settings\Temporary Internet Files\Content.IE5\C3AN8BIX\svcproc[1].exe
Adware:Adware/EliteBar | No disinfected | C:\EliteToolBar version 60.dll
Adware:Adware/ClkOptimizer | No disinfected | C:\Program Files\Microsoft AntiSpyware\Quarantine\8904C328-450B-4EBA-B5FB-C24EC8\1E80E43B-5A8E-4AC2-AB62-8A8B64
Adware:Adware/SAHAgent | No disinfected | C:\WINDOWS\Downloaded Program Files\setup4002b.ini
Adware:Adware/Alwaysupdatednews | No disinfected | C:\WINDOWS\system32\Free Cell Phone.ico
Adware:Adware/Alwaysupdatednews | No disinfected | C:\WINDOWS\system32\Free LapTop Computer.ico
Adware:Adware/Alwaysupdatednews | No disinfected | C:\WINDOWS\system32\Free Ringtones!.ico
Adware:Adware/Alwaysupdatednews | No disinfected | C:\WINDOWS\system32\Free Sony Playstation.ico
Adware:Adware/Alwaysupdatednews | No disinfected | C:\WINDOWS\system32\Free U2 iPod.ico
Adware:Adware/Alwaysupdatednews | No disinfected | C:\WINDOWS\system32\NBA Giveaway.ico
Adware:Adware/PortalScan | No disinfected | C:\WINDOWS\system32\winupdt.008
Adware:Adware/BlueScreenWarning | No disinfected | C:\wp.bmp

Logfile of HijackThis v1.99.1
Scan saved at 5:49:36 PM, on 5/2/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Documents and Settings\vargas\Desktop\hijackthis\HijackThis.exe

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Microsoft AntiSpyware helper - {10C2015A-F1C9-4C70-9715-3BAC926D6C56} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {10C2015A-F1C9-4C70-9715-3BAC926D6C56} - (no file) (HKCU)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...474/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F626A38-B7A3-45A8-B3E5-48902C231497}: NameServer = 206.141.192.60 206.141.193.55
O17 - HKLM\System\CS1\Services\Tcpip\..\{0F626A38-B7A3-45A8-B3E5-48902C231497}: NameServer = 206.141.192.60 206.141.193.55
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
  • 0

#32
Kat

  • Retired Staff
  • 19,711 posts
  • MVP
Copy EVERYTHING in the code box below and paste it into notepad. Change the "Save As Type" to "All Files" and save it as fix.reg on your desktop. Make sure there is NO blank line above "REGEDIT4":

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}]

[-HKEY_CLASSES_ROOT\CLSID\{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}]

Double-click fix.reg on your desktop. When asked if you want to merge with the registry, click YES.

  • Double-click on Killbox.exe to start the program.
  • In the Killbox program, select the Delete on Reboot option.
  • In the field labeled Full Path of File to Delete enter the file path listed below (EXACTLY as it appears, please double check to make sure! I would just copy the file path and paste it in the field):

C:\WINDOWS\System32\winupdt.008
C:\WINDOWS\System32\Free Cell Phone.ico
C:\wp.bmp
C:\!Submit\param32.dll
C:\Documents and Settings\vargas\Local Settings\Temporary Internet Files\Content.IE5\C3AN8BIX\svcproc[1].exe
C:\EliteToolBar version 60.dll
C:\Program Files\Microsoft AntiSpyware\Quarantine\8904C328-450B-4EBA-B5FB-C24EC8\1E80E43B-5A8E-4AC2-AB62-8A8B64
C:\WINDOWS\Downloaded Program Files\setup4002b.ini
C:\WINDOWS\system32\Free Cell Phone.ico
C:\WINDOWS\system32\Free LapTop Computer.ico
C:\WINDOWS\system32\Free Ringtones!.ico
C:\WINDOWS\system32\Free Sony Playstation.ico
C:\WINDOWS\system32\Free U2 iPod.ico
C:\WINDOWS\system32\NBA Giveaway.ico
C:\WINDOWS\system32\winupdt.008
C:\wp.bmp

Press the button that looks like a red circle with a white X in it. When it asks if you would like to delete on reboot, press the YES button; when it asks if you want to reboot now, press the YES button. Click NO to any "PendingRenameOperation" prompt. If your computer does not automatically restart, please restart it manually.

Now, open HJT and scan for a log. Place a check next to ONLY the following entries (if they still appear):
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O9 - Extra button: Microsoft AntiSpyware helper - {10C2015A-F1C9-4C70-9715-3BAC926D6C56} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {10C2015A-F1C9-4C70-9715-3BAC926D6C56} - (no file) (HKCU)

Make sure all other programs are closed, and click the "Fix" button. Then reply here with a fresh HJT log, and let me know how it's running now!
  • 0
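The three entries ticked for fixing in the post above are the ones HijackThis marks "(no file)": the registry reference is present, but the file it points to was not found on disk. As an added example (not part of the original thread), this Python sketch pulls such orphaned entries out of a log and groups them by CLSID; the function names are hypothetical and the sample lines are a subset of the log posted in #31.

```python
import re

# Sample input: a subset of the HijackThis v1.99.1 log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Microsoft AntiSpyware helper - {10C2015A-F1C9-4C70-9715-3BAC926D6C56} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {10C2015A-F1C9-4C70-9715-3BAC926D6C56} - (no file) (HKCU)
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
"""

# "O2 - ...", "O23 - ...": section code, separator, then the entry body.
ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# The marker must be the final field; an optional hive tag such as "(HKCU)" may follow.
NO_FILE = re.compile(r" - \(no file\)(?: \(HK[A-Z]+\))?$")


def find_orphans(log_text):
    """Return log entries whose registry reference points at a missing file."""
    orphans = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY.match(line)
        if not match or not NO_FILE.search(match.group("body")):
            continue
        clsid = CLSID.search(line)
        orphans.append({
            "section": match.group("section"),
            "clsid": clsid.group(0) if clsid else None,
            "line": line,
        })
    return orphans


def group_by_clsid(orphans):
    """Map each CLSID to the sections it shows up in (one key may back several lines)."""
    grouped = {}
    for entry in orphans:
        grouped.setdefault(entry["clsid"], []).append(entry["section"])
    return grouped


if __name__ == "__main__":
    for clsid, sections in group_by_clsid(find_orphans(SAMPLE_LOG)).items():
        print(clsid, sections)
```

Grouping shows that the two O9 lines share one CLSID, so the three flagged lines correspond to two leftover registry objects.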

#33
HELP!!

  • Topic Starter
  • Member
  • 46 posts
It's doing great! I think we are done, right? Well, thank you for your help, I really appreciate it. Without you I wouldn't have fixed it, so thanks a lot!
  • 0

#34
Kat

  • Retired Staff
  • 19,711 posts
  • MVP
:tazz: Yes, we should have gotten it all now. If you want, you can post a last HJT log for me to check. Otherwise, I'm glad things are running well now! ;)
  • 0

#35
HELP!!

  • Topic Starter
  • Member
  • 46 posts
That's okay. But my friend has a problem, she has a CD stuck inside the hard drive and it doesn't want to open b/c she was going to burn a CD. I know this doesn't belong in here, but I need help.
  • 0

#36
Kat

  • Retired Staff
  • 19,711 posts
  • MVP
You'll need to post that question in the proper forum area; I would suggest the Hardware section. The guys there will be able to help with that.

Congratulations! :tazz: Your log is clean! ;)
Here are some tips to reduce the potential for spyware infection in the future. I strongly recommend installing the following applications:

Prevention Programs:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • Google Toolbar <= Get the free Google Toolbar to help stop pop-up windows.
Other necessary Programs:
  • AntiVirus Program <= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kaspersky, this is a must have.

This thread is being closed as the topic has been resolved. If you need help in the future, please feel free to start a new thread.
  • 0





