This topic is locked
Please could some give me some advice on my hijacked log file below, it just, i'm basically a novice. I think my computer has been hijacked. I have removed loads of spyware and registry key with after a downloading spree on emule which is obviouly loaded with spyware and black hat programmers.
Logfile of HijackThis v1.99.1
Scan saved at 16:33:06, on 15/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\Program Files\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\BulletProofSoft.com\SpywareRemover\Spyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Steven Monnelly\Desktop\HijackThis.exe
C:\Program Files\BulletProofSoft.com\SpywareRemover\HS\HiJack.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System\blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sms.ed.ac.uk/
R3 - Default URLSearchHook is missing
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
Also when i scanned the system behaviour two files apeer, I tried to fix them but it failed to do so. From my very brief research I found out 04 signals that it starts up in the registry and that hijacker hackers etc can program there softwqare to start up when the computer does and even goes as far as re-infecting even when you rebot. Is this true or ws i reading lies ????THE FILES APEAR AS ON THE SCAN RESULTS OF SYSTEM BEHAVIOUR. HIJACKED PROGRAM DELEATED ALOT OF FILE BUT FOR SOME RAESON IT CANT DEAL THE MENTIONED FILE PROGRAM;
04-Global Start Up:C:\Documents and Settings\All Users\Start Menu\Programs\Start Up\Desktop.ini
04-Global User Start Up :C:\Documents and Settings\All Users\Start Menu\Programs\Start Up\Desktop.ini
ANY ADVICE WOULD BE VERY MUCH APPRECIATED
THANKS FOR KNOW STEVEN
Sign In
Create Account
