Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works

Recurring infection on XP - haha

  • Please log in to reply



    New Member

  • Member
  • Pip
  • 2 posts
Hi folks,

First post here - I've found you via google.co.uk trying to find a way to get rid of the spyware my buddy has managed to get all over his PC. I've done Ad-Aware and SpyBot S&D and here is the HJT log. I hope someone can help me - I'd sure appreciate it (I've been at this for 5 hours or more now and I'm ready to format and re-install) ;-)

Logfile of HijackThis v1.98.2
Scan saved at 03:32:44, on 13/10/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.freeserve...rch/default.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [sdfsdfsdf] C:\sp2update.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [MS FIREWALL] msfrewall.exe
O4 - HKLM\..\Run: [Microsoft--Updates] sxvhost.exe
O4 - HKLM\..\Run: [Microsoft WinUpdates] serm32.exe
O4 - HKLM\..\Run: [Microsoft Update] msconfg.exe
O4 - HKLM\..\Run: [Microsoft AutoUpdater] svhost.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\wrvoswh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [ijsr] C:\WINDOWS\ijsr.exe
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] smsc.exe
O4 - HKLM\..\RunServices: [Microsoft Update] msconfg.exe
O4 - HKLM\..\RunServices: [Microsoft--Updates] sxvhost.exe
O4 - HKLM\..\RunServices: [Microsoft AutoUpdater] svhost.exe
O4 - HKLM\..\RunServices: [Microsoft WinUpdates] serm32.exe
O4 - HKLM\..\RunServices: [MS FIREWALL] msfrewall.exe
O4 - HKCU\..\Run: [Win32 USB2 Driver] smsc.exe
O4 - HKCU\..\Run: [Windows Monitor] winmon.exe
O4 - HKCU\..\Run: [MS FIREWALL] msfrewall.exe
O4 - HKCU\..\Run: [Microsoft Update] msconfg.exe
O4 - HKCU\..\Run: [Microsoft AutoUpdater] svhost.exe
O4 - HKCU\..\RunServices: [Windows Monitor] winmon.exe
O4 - HKCU\..\RunServices: [MS FIREWALL] msfrewall.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windup...35fcd20aad4faa7
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab

That's it. I'll check back inthe morning. Thanks.
  • 0




    Member 2k

  • Retired Staff
  • 2,678 posts
Please run a free online virus scan here (tick the "Auto Clean" checkbox):

And a free trojan scan here:

Reboot and post new log.

-=jonnyrotten=- <_<
  • 0



    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts

Thanks, but the PC was not connected to the internet at the time - just too dirty to allow on my network at home. Anyway, I think I've solved it by going through the entries one at a time and finding them in boards either here or elsewhere.

:D The people that write and distribute these things should be locked up. They've stolen 10 hours of my life (this time round).

I appreciate what you guys are doing to help. <_<

  • 0



    Founder Geek

  • Administrator
  • 24,490 posts
Post a fresh log and we'll make sure you got it all. <_<
  • 0

Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP