Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

HIjack this log, PLEASE HELP


  • This topic is locked This topic is locked

#1
Steven Monnelly

Steven Monnelly

    New Member

  • Member
  • Pip
  • 4 posts
To whom it may concern,
Please could some give me some advice on my hijacked log file below, it just, i'm basically a novice. I think my computer has been hijacked. I have removed loads of spyware and registry key with after a downloading spree on emule which is obviouly loaded with spyware and black hat programmers.

Logfile of HijackThis v1.99.1
Scan saved at 16:33:06, on 15/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\Program Files\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\BulletProofSoft.com\SpywareRemover\Spyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Steven Monnelly\Desktop\HijackThis.exe
C:\Program Files\BulletProofSoft.com\SpywareRemover\HS\HiJack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System\blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sms.ed.ac.uk/
R3 - Default URLSearchHook is missing
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

Also when i scanned the system behaviour two files apeer, I tried to fix them but it failed to do so. From my very brief research I found out 04 signals that it starts up in the registry and that hijacker hackers etc can program there softwqare to start up when the computer does and even goes as far as re-infecting even when you rebot. Is this true or ws i reading lies ????THE FILES APEAR AS ON THE SCAN RESULTS OF SYSTEM BEHAVIOUR. HIJACKED PROGRAM DELEATED ALOT OF FILE BUT FOR SOME RAESON IT CANT DEAL THE MENTIONED FILE PROGRAM;

04-Global Start Up:C:\Documents and Settings\All Users\Start Menu\Programs\Start Up\Desktop.ini
04-Global User Start Up :C:\Documents and Settings\All Users\Start Menu\Programs\Start Up\Desktop.ini
ANY ADVICE WOULD BE VERY MUCH APPRECIATED
THANKS FOR KNOW STEVEN
  • 0

Advertisements


#2
Steven Monnelly

Steven Monnelly

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Please Help,
When i run a scan on the sysytem behaviour it brings up the following twp problems;

04-Global Start Up: C:\Documents and Settings\All Users\Start Menu\Programs\Start Up\desktop.ini
04-Global User Start Up: C:\Documents and Settings\All Users\Start Menu\Programs\Start Up\desktop.ini

Can ANYONE please tell me how I can remove these problems. Do i need to access the registry to completely remove them or is there an easier method?

IS THIS THE CORRECT FORUM FOR POSTING YOUR
  • 0

#3
Steven Monnelly

Steven Monnelly

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
I have managed to remove the problem from the registry with upgrading bsp software to vercion 9.0
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP