Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Hijack log

Started by clyde , Jan 03 2005 08:09 PM

  • This topic is locked This topic is locked

#1
clyde
Posted 03 January 2005 - 08:09 PM

clyde

    Member

  • Member
  • PipPip
  • 29 posts
Hello again dear friends,
todays episode entitled "sister's computer"
Installed adaware but it stalls in the program files folder every time. I tried moving the folder it stalled on but it would just stall on another one. I deleted it and re installed it but had the same trouble. At the time it is stalling there are roughly 30 objects detected.
With spy bot I kept getting a window informing me of a known thingy trying to get in and asked if I wanted to block it. Every time I said yes and every time it asked. I checked for updates as always and was immunized against everything.
I finally removed spy bot so as not to get any more confused. I have installed and ran cw shredder. Also spy sweeper was installed and ran. I've installed and am running AVG anti-virus. It keeps informing me of a few trojan horses but it can't seem to get rid of them. I did run Hijack this and fixed a couple of naughty things I recognized but obviously there is loads more
This is the first time I have ever had any trouble with either Adaware or Spy bot.
Thanks in advance.
hugs and Kisses
clyde
Logfile of HijackThis v1.98.2
Scan saved at 8:50:42 PM, on 1/3/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\lsass2k.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\3. Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qus8.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\logon.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [lsass2k Update] lsass2k.exe
O4 - HKLM\..\Run: [TURXP Protocol] sps32.exe
O4 - HKLM\..\Run: [HLL Data Parameter] hllcxpa.exe
O4 - HKLM\..\RunServices: [Microsoft Task32 Protocol] taskmgr32.exe
O4 - HKLM\..\RunServices: [Microsoft ALGXP Protocol] alg32.exe
O4 - HKLM\..\RunServices: [TURXP Protocol] sps32.exe
O4 - HKLM\..\RunServices: [Microsoft CPXP Protocol] cpxp.exe
O4 - HKLM\..\RunServices: [HLL Data Parameter] hllcxpa.exe
O4 - HKLM\..\RunServices: [lsass2k Update] lsass2k.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [TURXP Protocol] sps32.exe
O4 - HKCU\..\Run: [lsass2k Update] lsass2k.exe
O4 - HKCU\..\Run: [HLL Data Parameter] hllcxpa.exe
O4 - HKCU\..\RunServices: [HLL Data Parameter] hllcxpa.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP